From 832cf19d3bc843c7776a5beb968f72bf9f5ee465 Mon Sep 17 00:00:00 2001 
From: Hassan Oladipupo <109126045+Hassan-oladipupo@users.noreply.github.com> Date: Mon, 26 Jan 2026 12:06:37 +0100 Subject: [PATCH] Implemented Register, Login, Forgot Password, Reset Password API --- .DS_Store | Bin 0 -> 6148 bytes backend/package-lock.json | 65 ++- backend/package.json | 1 + backend/src/auth/auth.controller.spec.ts | 20 + backend/src/auth/auth.controller.ts | 93 ++-- backend/src/auth/auth.module.ts | 73 +--- backend/src/auth/auth.service.spec.ts | 18 + backend/src/auth/auth.service.ts | 397 +++++++++++++----- .../src/auth/common/enum/user-role-enum.ts | 4 + .../decorators/current.user.decorators.ts | 8 + .../decorators/getCurrentUser.decorator.ts | 11 - .../src/auth/decorators/public.decorator.ts | 4 - ...roles.decorator.ts => roles.decorators.ts} | 2 +- backend/src/auth/dto/create-user.dto.ts | 14 + backend/src/auth/dto/disable-2fa.dto.ts | 5 - backend/src/auth/dto/forgotPassword.dto.ts | 12 - backend/src/auth/dto/login-user.dto.ts | 10 + backend/src/auth/dto/logout.dto.ts | 12 - backend/src/auth/dto/resend-otp.dto.ts | 7 + .../src/auth/dto/resend-verification.dto.ts | 7 - backend/src/auth/dto/resendVerifyEmail.dto.ts | 14 - backend/src/auth/dto/reset-password.dto.ts | 16 + backend/src/auth/dto/resetPassword.dto.ts | 20 - .../auth/dto/send-password-reset-otp.dto.ts | 7 + backend/src/auth/dto/setup-2fe,dto.ts | 3 - .../src/auth/dto/validate-reset-token.dto.ts | 11 - backend/src/auth/dto/verify-2fa.dto.ts | 3 - backend/src/auth/dto/verify-otp.dto.ts | 12 + backend/src/auth/dto/verifyEmail.dto.ts | 7 - .../src/auth/entities/backup-code.entity.ts | 27 -- .../src/auth/entities/refreshToken.entity.ts | 46 -- backend/src/auth/entities/two-fa.entity.ts | 35 -- backend/src/auth/entities/user.entity.ts | 47 +++ .../jwt.auth.guard.ts} | 3 +- backend/src/auth/guard/roles.guard.ts | 42 ++ backend/src/auth/guards/jwt.guard.ts | 24 -- backend/src/auth/guards/refreshToken.guard.ts | 5 - backend/src/auth/guards/roles.guard.ts | 24 -- 
backend/src/auth/helper/email-sender.ts | 86 ++++ backend/src/auth/helper/jwt-helper.ts | 62 +++ backend/src/auth/helper/user-helper.ts | 44 ++ backend/src/auth/helper/user-messages.ts | 23 + .../src/auth/http/post.auth.endpoints.http | 20 - backend/src/auth/interface/user.interface.ts | 8 + .../auth/interfaces/authResponse.interface.ts | 6 - .../auth/interfaces/tokenPayload.interface.ts | 8 - .../providers/RefreshTokenCrud.repository.ts | 148 ------- backend/src/auth/providers/auth.service.ts | 138 ------ backend/src/auth/providers/bcrypt.provider.ts | 20 - .../providers/findOneRefreshToken.provider.ts | 58 --- .../auth/providers/generateTokens.provider.ts | 55 --- .../src/auth/providers/hashing.provider.ts | 8 - .../src/auth/providers/loginUser.provider.ts | 46 -- .../auth/providers/refreshTokens.provider.ts | 145 ------- .../resendVerificationEmail.provider.ts | 87 ---- .../auth/providers/verifyEmail.provider.ts | 50 --- backend/src/auth/strategies/jwt.strategy.ts | 32 -- .../auth/strategies/jwtRefresh.strategy.ts | 31 -- backend/src/auth/strategies/local.strategy.ts | 19 - backend/src/auth/strategy/jwt.strategy.ts | 42 ++ backend/src/config/app.config.ts | 3 + backend/src/config/database-config.ts | 11 + .../email-templates/reset-password-email.html | 181 ++++++++ .../email-templates/verification-email.html | 183 ++++++++ backend/src/config/email/email.service.ts | 94 +++++ backend/src/config/email/sendgrid-config.ts | 13 + .../pagination/dto/pagination-query.dto.ts | 25 ++ .../interface/paginated-response-interface.ts | 15 + package-lock.json | 6 + 69 files changed, 1408 insertions(+), 1368 deletions(-) create mode 100644 .DS_Store create mode 100644 backend/src/auth/auth.controller.spec.ts create mode 100644 backend/src/auth/auth.service.spec.ts create mode 100644 backend/src/auth/common/enum/user-role-enum.ts create mode 100644 backend/src/auth/decorators/current.user.decorators.ts delete mode 100644 backend/src/auth/decorators/getCurrentUser.decorator.ts 
delete mode 100644 backend/src/auth/decorators/public.decorator.ts rename backend/src/auth/decorators/{roles.decorator.ts => roles.decorators.ts} (72%) create mode 100644 backend/src/auth/dto/create-user.dto.ts delete mode 100644 backend/src/auth/dto/disable-2fa.dto.ts delete mode 100644 backend/src/auth/dto/forgotPassword.dto.ts create mode 100644 backend/src/auth/dto/login-user.dto.ts delete mode 100644 backend/src/auth/dto/logout.dto.ts create mode 100644 backend/src/auth/dto/resend-otp.dto.ts delete mode 100644 backend/src/auth/dto/resend-verification.dto.ts delete mode 100644 backend/src/auth/dto/resendVerifyEmail.dto.ts create mode 100644 backend/src/auth/dto/reset-password.dto.ts delete mode 100644 backend/src/auth/dto/resetPassword.dto.ts create mode 100644 backend/src/auth/dto/send-password-reset-otp.dto.ts delete mode 100644 backend/src/auth/dto/setup-2fe,dto.ts delete mode 100644 backend/src/auth/dto/validate-reset-token.dto.ts delete mode 100644 backend/src/auth/dto/verify-2fa.dto.ts create mode 100644 backend/src/auth/dto/verify-otp.dto.ts delete mode 100644 backend/src/auth/dto/verifyEmail.dto.ts delete mode 100644 backend/src/auth/entities/backup-code.entity.ts delete mode 100644 backend/src/auth/entities/refreshToken.entity.ts delete mode 100644 backend/src/auth/entities/two-fa.entity.ts create mode 100644 backend/src/auth/entities/user.entity.ts rename backend/src/auth/{guards/local.guard.ts => guard/jwt.auth.guard.ts} (64%) create mode 100644 backend/src/auth/guard/roles.guard.ts delete mode 100644 backend/src/auth/guards/jwt.guard.ts delete mode 100644 backend/src/auth/guards/refreshToken.guard.ts delete mode 100644 backend/src/auth/guards/roles.guard.ts create mode 100644 backend/src/auth/helper/email-sender.ts create mode 100644 backend/src/auth/helper/jwt-helper.ts create mode 100644 backend/src/auth/helper/user-helper.ts create mode 100644 backend/src/auth/helper/user-messages.ts delete mode 100644 
backend/src/auth/http/post.auth.endpoints.http create mode 100644 backend/src/auth/interface/user.interface.ts delete mode 100644 backend/src/auth/interfaces/authResponse.interface.ts delete mode 100644 backend/src/auth/interfaces/tokenPayload.interface.ts delete mode 100644 backend/src/auth/providers/RefreshTokenCrud.repository.ts delete mode 100644 backend/src/auth/providers/auth.service.ts delete mode 100644 backend/src/auth/providers/bcrypt.provider.ts delete mode 100644 backend/src/auth/providers/findOneRefreshToken.provider.ts delete mode 100644 backend/src/auth/providers/generateTokens.provider.ts delete mode 100644 backend/src/auth/providers/hashing.provider.ts delete mode 100644 backend/src/auth/providers/loginUser.provider.ts delete mode 100644 backend/src/auth/providers/refreshTokens.provider.ts delete mode 100644 backend/src/auth/providers/resendVerificationEmail.provider.ts delete mode 100644 backend/src/auth/providers/verifyEmail.provider.ts delete mode 100644 backend/src/auth/strategies/jwt.strategy.ts delete mode 100644 backend/src/auth/strategies/jwtRefresh.strategy.ts delete mode 100644 backend/src/auth/strategies/local.strategy.ts create mode 100644 backend/src/auth/strategy/jwt.strategy.ts create mode 100644 backend/src/config/app.config.ts create mode 100644 backend/src/config/database-config.ts create mode 100644 backend/src/config/email/email-templates/reset-password-email.html create mode 100644 backend/src/config/email/email-templates/verification-email.html create mode 100644 backend/src/config/email/email.service.ts create mode 100644 backend/src/config/email/sendgrid-config.ts create mode 100644 backend/src/config/pagination/dto/pagination-query.dto.ts create mode 100644 backend/src/config/pagination/interface/paginated-response-interface.ts create mode 100644 package-lock.json 
diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..f51b49487a53155f9a5f1665d0c0fe36b1097a97 GIT binary patch literal 6148 zcmeHKPfrs;6o0Q&XhCIxqChlh=*5JDVB*!VR){vnlu$y7|7v$TEi21Rv%4+Asb4|w zegLmty?FHEM=*W_y?W9&e=5*o!pRt&m%RDCnfKmI=C`wNb^!p3oyJW72LLjp64T?< zoFURLbx2ZXWRwuq91J)#N}=$*a46aiSOzQue;Whx-5moD>fpm3oOpkQM;=)giloaw zl#n$P9r)e07s_b-fPF7aFI1Z*p(icX@GTHHoiI#bg#Q@N?x+1V>s=jIm{ zuGO3wukP=)BGKWEyCM`(G3>C%ttep&`s8Oc09Co*ru4= z@qn7{Uc?wz^Oc*;m?hN{_D;>2jQvQ2;f9EVBoKV(NxUl#N(tL9@ur{^y8$~Wx1}rI zW>HKylvCZQM^T-(Sn=>_Soc_1=0%YtVqZqe*?hq_A|_|524u^<6jr|}5~1Ke=o>e* z;XpwfRBdy8%ODm$n1Z^+1!vi8!QC*f3@pJNcnI6{_>SNeyn(my9zMcn_zK@~4CiqX zm+%(e##OwJC47WF?qYy1bbg8ox034y4PZ>hz`^KNA|49fB9F|<(vcBV@DqsC@kt=o zrT^E_c}Gzvk4^@f6svR2IBK{!5TAujSf|~s(f-z98TR{^OMeA?J&-|NE9YgvJo?PU zc@u1$Wxz7<-!LHSL!MNkYp|zLl@4lB)Rq3UL@8v;j|Pc(gRa4zM)HuLP9@Z-XnrwJ zr_*@e#JL808g)9LTAAiCE2H^CLA5%K=T$hMtI@WW0n5N?21az(k@x@l@BjZ#C)u85 zz%uYpF@Wi{%36`OWbW3X&B?nqPx_oxij3=NR4LS$>sT4`DxM=%LcY8-2wj6cjWj}H PKLivFwy_NSQ3iejEd|Fd literal 0 HcmV?d00001 diff --git a/backend/package-lock.json b/backend/package-lock.json index 012bd75..62233ea 100644 --- a/backend/package-lock.json +++ b/backend/package-lock.json @@ -46,6 +46,7 @@ "ioredis": "^5.9.2", "json2csv": "^6.0.0-alpha.2", "mjml": "^4.18.0", + "moment": "^2.30.1", "multer": "^2.0.2", "nestjs-command": "^3.1.5", "nestjs-i18n": "^10.5.1", 
@@ -277,6 +278,23 @@ } } }, + "node_modules/@angular-devkit/schematics-cli/node_modules/chokidar": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz", + "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==", + "license": "MIT", + "optional": true, + "peer": true, + "dependencies": { + "readdirp": "^4.0.1" + }, + "engines": { + "node": ">= 14.16.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + } + }, "node_modules/@angular-devkit/schematics-cli/node_modules/jsonc-parser": { "version": "3.3.1", "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.3.1.tgz", @@ -310,6 +328,7 @@ "integrity": "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==", "license": "MIT", "optional": true, + "peer": true, "engines": { "node": ">= 14.18.0" }, @@ -2196,7 +2215,6 @@ "integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", @@ -4826,7 +4844,6 @@ "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz", "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==", "license": "MIT", - "peer": true, "dependencies": { "readdirp": "^4.0.1" }, @@ -5041,7 +5058,6 @@ "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.3.tgz", "integrity": "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ==", "license": "Apache-2.0", - "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" 
@@ -5103,7 +5119,6 @@ "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-10.4.20.tgz", "integrity": "sha512-hxJxZF7jcKGuUzM9EYbuES80Z/36piJbiqmPy86mk8qOn5gglFebBTvcx7PWVbRNSb4gngASYnefBj/Y2HAzpQ==", "license": "MIT", - "peer": true, "dependencies": { "file-type": "20.4.1", "iterare": "1.2.1", @@ -5150,7 +5165,6 @@ "integrity": "sha512-kRdtyKA3+Tu70N3RQ4JgmO1E3LzAMs/eppj7SfjabC7TgqNWoS4RLhWl4BqmsNVmjj6D5jgfPVtHtgYkU3AfpQ==", "hasInstallScript": true, "license": "MIT", - "peer": true, "dependencies": { "@nuxtjs/opencollective": "0.3.2", "fast-safe-stringify": "2.1.1", @@ -5231,7 +5245,6 @@ "resolved": "https://registry.npmjs.org/@nestjs/platform-express/-/platform-express-10.4.22.tgz", "integrity": "sha512-ySSq7Py/DFozzZdNDH67m/vHoeVdphDniWBnl6q5QVoXldDdrZIHLXLRMPayTDh5A95nt7jjJzmD4qpTbNQ6tA==", "license": "MIT", - "peer": true, "dependencies": { "body-parser": "1.20.4", "cors": "2.8.5", @@ -6581,7 +6594,6 @@ "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-9.6.1.tgz", "integrity": "sha512-FXx2pKgId/WyYo2jXw63kk7/+TY7u7AziEJxJAnSFzHlqTAS3Ync6SvgYAN/k4/PQpnnVuzoMuVnByKK2qp0ag==", "license": "MIT", - "peer": true, "dependencies": { "@types/estree": "*", "@types/json-schema": "*" @@ -6608,7 +6620,6 @@ "resolved": "https://registry.npmjs.org/@types/express/-/express-5.0.3.tgz", "integrity": "sha512-wGA0NX93b19/dZC1J18tKWVIYWyyF2ZjT9vin/NRu0qzzvfVzWjs04iq2rQ3H65vCTQYlRqs3YHfY7zjdV+9Kw==", "license": "MIT", - "peer": true, "dependencies": { "@types/body-parser": "*", "@types/express-serve-static-core": "^5.0.0", @@ -6745,7 +6756,6 @@ "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.19.tgz", "integrity": "sha512-pb1Uqj5WJP7wrcbLU7Ru4QtA0+3kAXrkutGiD26wUKzSMgNNaPARTUDQmElUXp64kh3cWdou3Q0C7qwwxqSFmg==", "license": "MIT", - "peer": true, "dependencies": { "undici-types": "~6.21.0" } 
@@ -6939,7 +6949,6 @@ "integrity": "sha512-TGf22kon8KW+DeKaUmOibKWktRY8b2NSAZNdtWh798COm1NWx8+xJ6iFBtk3IvLdv6+LGLJLRlyhrhEDZWargQ==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.45.0", "@typescript-eslint/types": "8.45.0", @@ -7358,7 +7367,6 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz", "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "license": "MIT", - "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -7406,7 +7414,6 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.12.0.tgz", "integrity": "sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA==", "license": "MIT", - "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "json-schema-traverse": "^1.0.0", @@ -7758,7 +7765,6 @@ "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz", "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==", "license": "MIT", - "peer": true, "dependencies": { "follow-redirects": "^1.15.6", "form-data": "^4.0.4", @@ -8091,7 +8097,6 @@ } ], "license": "MIT", - "peer": true, "dependencies": { "baseline-browser-mapping": "^2.8.3", "caniuse-lite": "^1.0.30001741", @@ -8196,7 +8201,6 @@ "resolved": "https://registry.npmjs.org/bull/-/bull-4.16.5.tgz", "integrity": "sha512-lDsx2BzkKe7gkCYiT5Acj02DpTwDznl/VNN7Psn7M3USPG7Vs/BaClZJJTAG+ufAR9++N1/NiUTdaFBWDIl5TQ==", "license": "MIT", - "peer": true, "dependencies": { "cron-parser": "^4.9.0", "get-port": "^5.1.1", @@ -8244,7 +8248,6 @@ "resolved": "https://registry.npmjs.org/cache-manager/-/cache-manager-7.2.8.tgz", "integrity": "sha512-0HDaDLBBY/maa/LmUVAr70XUOwsiQD+jyzCBjmUErYZUKdMS9dT59PqW59PpVqfGM7ve6H0J6307JTpkCYefHQ==", "license": "MIT", - "peer": true, "dependencies": { "@cacheable/utils": "^2.3.3", "keyv": "^5.5.5" 
@@ -8544,15 +8547,13 @@ "version": "0.5.1", "resolved": "https://registry.npmjs.org/class-transformer/-/class-transformer-0.5.1.tgz", "integrity": "sha512-SQa1Ws6hUbfC98vKGxZH3KFY0Y1lm5Zm0SY8XX9zbK7FJCyVEac3ATW0RIpwzW+oOfmHE5PMPufDG9hCfoEOMw==", - "license": "MIT", - "peer": true + "license": "MIT" }, "node_modules/class-validator": { "version": "0.14.3", "resolved": "https://registry.npmjs.org/class-validator/-/class-validator-0.14.3.tgz", "integrity": "sha512-rXXekcjofVN1LTOSw+u4u9WXVEUvNBVjORW154q/IdmYWy1nMbOU9aNtZB0t8m+FJQ9q91jlr2f9CwwUFdFMRA==", "license": "MIT", - "peer": true, "dependencies": { "@types/validator": "^13.15.3", "libphonenumber-js": "^1.11.1", @@ -9634,7 +9635,6 @@ "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -9691,7 +9691,6 @@ "integrity": "sha512-iI1f+D2ViGn+uvv5HuHVUamg8ll4tN+JRHGc6IJi4TP9Kl976C57fzPXgseXNs8v0iA8aSJpHsTWjDb9QJamGQ==", "dev": true, "license": "MIT", - "peer": true, "bin": { "eslint-config-prettier": "bin/cli.js" }, @@ -11583,7 +11582,6 @@ "integrity": "sha512-NIy3oAFp9shda19hy4HK0HRTWKtPJmGdnvywu01nOqNC2vZg+Z+fvJDxpMQA88eb2I9EcafcdjYgsDthnYTvGw==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@jest/core": "^29.7.0", "@jest/types": "^29.6.3", @@ -12563,7 +12561,6 @@ "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.6.0.tgz", "integrity": "sha512-CYDD3SOtsHtyXeEORYRx2qBtpDJFjRTGXUtmNEMGyzYOKj1TE3tycdlho7kA1Ufx9OYWZzg52QFBGALTirzDSw==", "license": "MIT", - "peer": true, "dependencies": { "@keyv/serialize": "^1.1.1" } 
@@ -13589,6 +13586,15 @@ "mkdirp": "bin/cmd.js" } }, + "node_modules/moment": { + "version": "2.30.1", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.30.1.tgz", + "integrity": "sha512-uEmtNhbDOrWPFS+hdjFCBfy9f2YoyzRpwcl+DqpC6taX21FzsTLQVbMV/W7PzNSX6x/bhC1zA3c2UQ5NzH6how==", + "license": "MIT", + "engines": { + "node": "*" + } + }, "node_modules/moo": { "version": "0.5.2", "resolved": "https://registry.npmjs.org/moo/-/moo-0.5.2.tgz", @@ -13828,7 +13834,6 @@ "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.12.tgz", "integrity": "sha512-H+rnK5bX2Pi/6ms3sN4/jRQvYSMltV6vqup/0SFOrxYYY/qoNvhXPlYq3e+Pm9RFJRwrMGbMIwi81M4dxpomhA==", "license": "MIT-0", - "peer": true, "engines": { "node": ">=6.0.0" } @@ -14152,7 +14157,6 @@ "resolved": "https://registry.npmjs.org/passport/-/passport-0.7.0.tgz", "integrity": "sha512-cPLl+qZpSc+ireUvt+IzqbED1cHHkDoVYMo30jbJIdOOjQ1MQYZBPiNvmi8UM6lJuOpTPXJGZQk0DtC4y61MYQ==", "license": "MIT", - "peer": true, "dependencies": { "passport-strategy": "1.x.x", "pause": "0.0.1", @@ -14290,7 +14294,6 @@ "resolved": "https://registry.npmjs.org/pg/-/pg-8.16.3.tgz", "integrity": "sha512-enxc1h0jA/aq5oSDMvqyW3q89ra6XIIDZgCX9vkMrnz5DFTw/Ny3Li2lFQ+pt3L6MCgm/5o2o8HW9hiJji+xvw==", "license": "MIT", - "peer": true, "dependencies": { "pg-connection-string": "^2.9.1", "pg-pool": "^3.10.1", @@ -14551,7 +14554,6 @@ "integrity": "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==", "dev": true, "license": "MIT", - "peer": true, "bin": { "prettier": "bin/prettier.cjs" }, @@ -15101,7 +15103,6 @@ "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.2.tgz", "integrity": "sha512-dhKf903U/PQZY6boNNtAGdWbG85WAbjT/1xYoZIC7FAY0yWapOBQVsVrDl58W86//e1VpMNBtRV4MaXfdMySFA==", "license": "Apache-2.0", - "peer": true, "dependencies": { "tslib": "^2.1.0" } 
@@ -15173,7 +15174,6 @@ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "license": "MIT", - "peer": true, "dependencies": { "fast-deep-equal": "^3.1.1", "fast-json-stable-stringify": "^2.0.0", @@ -16280,7 +16280,6 @@ "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", "devOptional": true, "license": "MIT", - "peer": true, "dependencies": { "@cspotcode/source-map-support": "^0.8.0", "@tsconfig/node10": "^1.0.7", @@ -16437,7 +16436,6 @@ "resolved": "https://registry.npmjs.org/typeorm/-/typeorm-0.3.27.tgz", "integrity": "sha512-pNV1bn+1n8qEe8tUNsNdD8ejuPcMAg47u2lUGnbsajiNUr3p2Js1XLKQjBMH0yMRMDfdX8T+fIRejFmIwy9x4A==", "license": "MIT", - "peer": true, "dependencies": { "@sqltools/formatter": "^1.2.5", "ansis": "^3.17.0", @@ -16564,7 +16562,6 @@ "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.2.tgz", "integrity": "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A==", "license": "Apache-2.0", - "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -17071,6 +17068,7 @@ "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", "license": "BSD-2-Clause", + "peer": true, "dependencies": { "esrecurse": "^4.3.0", "estraverse": "^4.1.1" @@ -17084,6 +17082,7 @@ "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==", "license": "BSD-2-Clause", + "peer": true, "engines": { "node": ">=4.0" } 
@@ -17093,6 +17092,7 @@ "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.3.2.tgz", "integrity": "sha512-Gn/JaSk/Mt9gYubxTtSn/QCV4em9mpAPiR1rqy/Ocu19u/G9J5WWdNoUT4SiV6mFC3y6cxyFcFwdzPM3FgxGAQ==", "license": "MIT", + "peer": true, "dependencies": { "@types/json-schema": "^7.0.9", "ajv": "^8.9.0", @@ -17264,7 +17264,6 @@ "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz", "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==", "license": "MIT", - "peer": true, "dependencies": { "cliui": "^8.0.1", "escalade": "^3.1.1", diff --git a/backend/package.json b/backend/package.json index 020e580..966fe01 100644 --- a/backend/package.json +++ b/backend/package.json @@ -65,6 +65,7 @@ "ioredis": "^5.9.2", "json2csv": "^6.0.0-alpha.2", "mjml": "^4.18.0", + "moment": "^2.30.1", "multer": "^2.0.2", "nestjs-command": "^3.1.5", "nestjs-i18n": "^10.5.1", diff --git a/backend/src/auth/auth.controller.spec.ts b/backend/src/auth/auth.controller.spec.ts new file mode 100644 index 0000000..58dee31 --- /dev/null +++ b/backend/src/auth/auth.controller.spec.ts @@ -0,0 +1,20 @@ +import { Test, TestingModule } from '@nestjs/testing'; +import { AuthController } from './auth.controller'; +import { AuthService } from './auth.service'; + +describe('AuthController', () => { + let controller: AuthController; + + beforeEach(async () => { + const module: TestingModule = await Test.createTestingModule({ + controllers: [AuthController], + providers: [AuthService], + }).compile(); + + controller = module.get(AuthController); + }); + + it('should be defined', () => { + expect(controller).toBeDefined(); + }); +}); diff --git a/backend/src/auth/auth.controller.ts b/backend/src/auth/auth.controller.ts index 8c67193..3bde600 100644 --- a/backend/src/auth/auth.controller.ts +++ b/backend/src/auth/auth.controller.ts 
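Review bot: The testing module in auth.controller.spec.ts lists `AuthService` as a concrete provider, but the service constructor shown in the auth.service.ts hunk injects the `User` repository, `UserHelper` and `JwtHelper`, none of which this module provides, so `compile()` is likely to fail on dependency resolution before the 'should be defined' expectation runs. The new auth.service.spec.ts hunk has the same gap. For the controller spec, replacing the line with a stub, `providers: [{ provide: AuthService, useValue: {} }],`, is enough for the defined-check; for the service spec, supply `{ provide: getRepositoryToken(User), useValue: {} }` together with stub values for `UserHelper` and `JwtHelper`. A test that only asserts the object exists also says nothing about the register, login and reset flows this commit introduces; at least one case per handler would make the spec worth keeping.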
@@ -1,47 +1,88 @@
-import { Controller, Post, Body, HttpCode, HttpStatus } from '@nestjs/common';
-import { ResendVerificationDto } from './dto/resend-verification.dto';
-import { AuthService } from './providers/auth.service';
-import { VerifyEmailDto } from './dto/verifyEmail.dto';
-import { ForgotPasswordDto } from './dto/forgotPassword.dto';
-import { ValidateResetTokenDto } from './dto/validate-reset-token.dto';
-import { ResetPasswordDto } from './dto/resetPassword.dto';
+import {
+ Controller,
+ Post,
+ Body,
+ UseGuards,
+ Get,
+ HttpCode,
+ HttpStatus,
+} from '@nestjs/common';
+import { AuthService } from './auth.service';
+import { CreateUserDto } from './dto/create-user.dto';
+import { LoginUserDto } from './dto/login-user.dto';
+import { JwtAuthGuard } from './guard/jwt.auth.guard';
+import { RolesGuard } from './guard/roles.guard';
+import { Roles } from './decorators/roles.decorators';
+import { UserRole } from './common/enum/user-role-enum';
+import { User } from './entities/user.entity';
+import { CurrentUser } from './decorators/current.user.decorators';
+import { VerifyOtpDto } from './dto/verify-otp.dto';
+import { ResetPasswordDto } from './dto/reset-password.dto';
+import { ResendOtpDto } from './dto/resend-otp.dto';
+import { SendPasswordResetOtpDto } from './dto/send-password-reset-otp.dto';
-@Controller('auth')
+@Controller('api/v1/auth')
 export class AuthController {
 constructor(private readonly authService: AuthService) {}
- @Post('verify-email')
- @HttpCode(HttpStatus.OK)
- async verifyEmail(@Body() verifyEmailDto: VerifyEmailDto) {
- return this.authService.verifyEmail(verifyEmailDto.token);
+ @Post('register')
+ @HttpCode(HttpStatus.CREATED)
+ create(@Body() createUserDto: CreateUserDto) {
+ return this.authService.createUser(createUserDto);
 }
- @Post('resend-verification')
+ @Post('verify-otp')
+ @HttpCode(HttpStatus.OK)
+ verifyOtp(@Body() verifyOtpDto: VerifyOtpDto) {
+ return this.authService.verifyOtp(verifyOtpDto);
+ }
+ @Post('register-admin')
+ @HttpCode(HttpStatus.CREATED)
+ @Roles(UserRole.ADMIN)
+ @UseGuards(JwtAuthGuard, RolesGuard)
+ createAdmin(@Body() createUserDto: CreateUserDto) {
+ return this.authService.createAdminUser(createUserDto);
+ }
+ @Post('login')
+ @HttpCode(HttpStatus.OK)
+ login(@Body() loginUserDto: LoginUserDto) {
+ return this.authService.login(loginUserDto);
+ }
+ @Post('refresh-token')
 @HttpCode(HttpStatus.OK)
- async resendVerification(@Body() resendDto: ResendVerificationDto) {
- return this.authService.resendVerificationEmail(resendDto.email);
+ refreshToken(@Body('refreshToken') refreshToken: string) {
+ return this.authService.refreshToken(refreshToken);
 }
- @Post('forgot-password')
+ @Get('current-user')
 @HttpCode(HttpStatus.OK)
- async forgotPassword(@Body() forgotPasswordDto: ForgotPasswordDto) {
- return this.authService.forgotPassword(forgotPasswordDto.email);
+ @UseGuards(JwtAuthGuard)
+ retrieveCurrentUser(@CurrentUser() user: User) {
+ return user;
 }
- @Post('validate-reset-token')
+ @Post('send-reset-password-otp')
 @HttpCode(HttpStatus.OK)
- async validateResetToken(
- @Body() validateResetTokenDto: ValidateResetTokenDto,
+ requestResetPasswordOtp(
+ @Body() sendPasswordResetOtpDto: SendPasswordResetOtpDto,
 ) {
- return this.authService.validateResetToken(validateResetTokenDto.token);
+ return this.authService.requestResetPasswordOtp(sendPasswordResetOtpDto);
+ }
+ @Post('resend-reset-password-otp')
+ @HttpCode(HttpStatus.OK)
+ resendResetPasswordVerificationOtp(@Body() resendOtpDto: ResendOtpDto) {
+ return this.authService.resendResetPasswordVerificationOtp(resendOtpDto);
+ }
+
+ @Post('verify-reset-password-otp')
+ @HttpCode(HttpStatus.OK)
+ verifyResetPasswordOtp(@Body() verifyOtpDto: VerifyOtpDto) {
+ return this.authService.verifyResetPasswordOtp(verifyOtpDto);
 }
 @Post('reset-password')
 @HttpCode(HttpStatus.OK)
 async resetPassword(@Body() resetPasswordDto: ResetPasswordDto) {
- return this.authService.resetPassword(
- resetPasswordDto.token,
- resetPasswordDto.newPassword,
- );
+ return this.authService.resetPassword(resetPasswordDto);
 }
 }
diff --git a/backend/src/auth/auth.module.ts b/backend/src/auth/auth.module.ts
index dd72d4a..279c740 100644
--- a/backend/src/auth/auth.module.ts
+++ b/backend/src/auth/auth.module.ts
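Review bot: `refreshToken(@Body('refreshToken') refreshToken: string)` is the only handler in the file that reads a raw body field instead of a DTO, so a class-validator based `ValidationPipe` (not visible here, but every other handler relies on one through its DTO) has nothing to check and a missing or non-string value reaches `authService.refreshToken` as-is. Define a `RefreshTokenDto` with `@IsString() @IsNotEmpty() refreshToken: string;` and change the signature to `refreshToken(@Body() { refreshToken }: RefreshTokenDto)`. As a point of style, `resetPassword` is the only handler still marked `async` although it just returns the service promise like the others; dropping the keyword keeps the file consistent. `@HttpCode(HttpStatus.OK)` on the `@Get('current-user')` route is redundant, since 200 is already the default for GET.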
@@ -1,68 +1,31 @@
-import { Module, forwardRef } from '@nestjs/common';
-import { TypeOrmModule } from '@nestjs/typeorm';
-import { RefreshToken } from './entities/refreshToken.entity';
-import { User } from '../users/entities/user.entity';
+import { Module } from '@nestjs/common';
+import { AuthService } from './auth.service';
 import { AuthController } from './auth.controller';
-import { AuthService } from './providers/auth.service';
-import { UsersModule } from '../users/users.module';
-import { HashingProvider } from './providers/hashing.provider';
-import { BcryptProvider } from './providers/bcrypt.provider';
-import { LocalStrategy } from './strategies/local.strategy';
-import { JwtStrategy } from './strategies/jwt.strategy';
-import { JwtRefreshStrategy } from './strategies/jwtRefresh.strategy';
-import { LoginUserProvider } from './providers/loginUser.provider';
-import { GenerateTokensProvider } from './providers/generateTokens.provider';
-import { RefreshTokensProvider } from './providers/refreshTokens.provider';
-import { RefreshTokenRepositoryOperations } from './providers/RefreshTokenCrud.repository';
-import { FindOneRefreshTokenProvider } from './providers/findOneRefreshToken.provider';
-import { ConfigModule, ConfigService } from '@nestjs/config';
+import { UserHelper } from './helper/user-helper';
+import { JwtHelper } from './helper/jwt-helper';
+import { TypeOrmModule } from '@nestjs/typeorm';
+import { User } from './entities/user.entity';
 import { JwtModule } from '@nestjs/jwt';
-import { VerifyEmailProvider } from './providers/verifyEmail.provider';
-import { ResendVerificationEmailProvider } from './providers/resendVerificationEmail.provider';
-// import { EmailModule } from '../email/email.module';
+import { RolesGuard } from './guard/roles.guard';
+import { PassportModule } from '@nestjs/passport';
+import { JwtStrategy } from './strategy/jwt.strategy';
+import { EmailService } from './helper/email-sender';
 @Module({
 imports: [
- TypeOrmModule.forFeature([RefreshToken, User]),
- forwardRef(() => UsersModule),
- // EmailModule,
- ConfigModule,
- JwtModule.registerAsync({
- imports: [ConfigModule],
- inject: [ConfigService],
- useFactory: (configService: ConfigService) => ({
- secret: configService.get('JWT_SECRET'),
- signOptions: {
- expiresIn: configService.get('JWT_ACCESS_EXPIRATION'),
- },
- }),
- }),
+ TypeOrmModule.forFeature([User]),
+ JwtModule.register({}),
+ PassportModule,
 ],
 controllers: [AuthController],
 providers: [
 AuthService,
- {
- provide: HashingProvider,
- useClass: BcryptProvider,
- },
- LocalStrategy,
+ UserHelper,
+ JwtHelper,
 JwtStrategy,
- JwtRefreshStrategy,
- LoginUserProvider,
- GenerateTokensProvider,
- RefreshTokensProvider,
- RefreshTokenRepositoryOperations,
- FindOneRefreshTokenProvider,
- VerifyEmailProvider,
- ResendVerificationEmailProvider,
- ],
- exports: [
- AuthService,
- HashingProvider,
- GenerateTokensProvider,
- RefreshTokensProvider,
- RefreshTokenRepositoryOperations,
- FindOneRefreshTokenProvider,
+ RolesGuard,
+ EmailService,
 ],
+ exports: [AuthService, RolesGuard],
 })
 export class AuthModule {}
diff --git a/backend/src/auth/auth.service.spec.ts b/backend/src/auth/auth.service.spec.ts
new file mode 100644
index 0000000..800ab66
--- /dev/null
+++ b/backend/src/auth/auth.service.spec.ts
@@ -0,0 +1,18 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { AuthService } from './auth.service';
+
+describe('AuthService', () => {
+ let service: AuthService;
+
+ beforeEach(async () => {
+ const module: TestingModule = await Test.createTestingModule({
+ providers: [AuthService],
+ }).compile();
+
+ service = module.get(AuthService);
+ });
+
+ it('should be defined', () => {
+ expect(service).toBeDefined();
+ });
+});
diff --git a/backend/src/auth/auth.service.ts b/backend/src/auth/auth.service.ts
index 3ff9102..7ac218b 100644
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
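Review bot: `JwtModule.register({})` drops the `JWT_SECRET` and `JWT_ACCESS_EXPIRATION` wiring that the removed `registerAsync` block took from `ConfigService`, so the module no longer carries a signing key or default expiry of its own; that is only safe if every `sign` and `verify` call inside `JwtHelper` (not in this chunk) passes `secret` and `expiresIn` explicitly, and a call that omits them fails at request time rather than at startup. Either restore a config-backed `JwtModule.registerAsync({ imports: [ConfigModule], inject: [ConfigService], useFactory: ... })` or leave a comment on the line, `// secret and expiry are supplied per call in JwtHelper`, so the empty options read as deliberate. Separately, the diffstat adds both `backend/src/auth/helper/email-sender.ts` and `backend/src/config/email/email.service.ts`; if both export an `EmailService`, the provider registered here should make clear which one the auth flow is meant to use.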
@@ -1,184 +1,361 @@ import { - Injectable, BadRequestException, + ConflictException, + Injectable, + InternalServerErrorException, NotFoundException, UnauthorizedException, } from '@nestjs/common'; -import { randomBytes } from 'crypto'; -import { UsersService } from 'src/users/providers/users.service'; -import { ForgotPasswordDto } from './dto/forgotPassword.dto'; -import { ValidateResetTokenDto } from './dto/validate-reset-token.dto'; -import { ResetPasswordDto } from './dto/resetPassword.dto'; -import { HashingProvider } from './providers/hashing.provider'; -import { RefreshTokenRepositoryOperations } from './providers/RefreshTokenCrud.repository'; +import { CreateUserDto } from './dto/create-user.dto'; +import { LoginUserDto } from './dto/login-user.dto'; +import { User } from './entities/user.entity'; +import { Repository } from 'typeorm'; +import { UserHelper } from './helper/user-helper'; +import { InjectRepository } from '@nestjs/typeorm'; +import { UserMessages } from './helper/user-messages'; +import { UserRole } from './common/enum/user-role-enum'; +import { JwtHelper } from './helper/jwt-helper'; +import moment from 'moment'; +import { VerifyOtpDto } from './dto/verify-otp.dto'; +import { SendPasswordResetOtpDto } from './dto/send-password-reset-otp.dto'; +import { ResendOtpDto } from './dto/resend-otp.dto'; +import { ResetPasswordDto } from './dto/reset-password.dto'; @Injectable() export class AuthService { constructor( - private usersService: UsersService, - private hashingProvider: HashingProvider, - private refreshTokenRepositoryOperations: RefreshTokenRepositoryOperations, + @InjectRepository(User) + private readonly userRepository: Repository, + private readonly userHelper: UserHelper, + private readonly jwtHelper: JwtHelper, ) {} - async verifyEmail(token: string) { - // 1. 
Find user by verification token - const user = await this.usersService.findByVerificationToken(token); + async createUser(createUserDto: CreateUserDto) { + const existingUser = await this.userRepository.findOne({ + where: { email: createUserDto.email }, + }); - if (!user) { - throw new BadRequestException('Invalid verification token'); + if (existingUser) { + throw new ConflictException(UserMessages.EMAIL_ALREADY_EXIST); } - // 2. Check expiry (24 hours) - if (new Date() > user.verificationTokenExpiry) { - throw new BadRequestException('Verification token has expired'); + const validPassword = this.userHelper.isValidPassword( + createUserDto.password, + ); + if (!validPassword) { + throw new ConflictException(UserMessages.IS_VALID_PASSWORD); } + const hashedPassword = await this.userHelper.hashPassword( + createUserDto.password, + ); + const verificationCode = this.userHelper.generateVerificationCode(); + const expiration = moment().add(10, 'minutes').toDate(); + const newUser = this.userRepository.create({ + email: createUserDto.email, + fullName: createUserDto.fullName, + password: hashedPassword, + role: UserRole.SUBSCRIBER, + verificationCode: verificationCode, + verificationCodeExpiresAt: expiration, + isVerified: false, + }); + await this.userRepository.save(newUser); + // await this.emailService.sendVerificationEmail( + // createUserDto.email, + // verificationCode, + // createUserDto.fullName, + // ); + + return { + message: UserMessages.USER_CREATED_SUCCESSFULLY, + }; + } - // 3. 
Mark verified, active, and clear token - await this.usersService.updateUser(user.id, { - isVerified: true, - isActive: true, - verificationToken: null, - verificationTokenExpiry: null, + async createAdminUser(createUserDto: CreateUserDto) { + const existingUser = await this.userRepository.findOne({ + where: { email: createUserDto.email }, }); - return { message: 'Email verified successfully' }; + if (existingUser) { + throw new ConflictException(UserMessages.EMAIL_ALREADY_EXIST); + } + + const validPassword = this.userHelper.isValidPassword( + createUserDto.password, + ); + if (!validPassword) { + throw new ConflictException(UserMessages.IS_VALID_PASSWORD); + } + const hashedPassword = await this.userHelper.hashPassword( + createUserDto.password, + ); + const newUser = this.userRepository.create({ + email: createUserDto.email, + fullName: createUserDto.fullName, + password: hashedPassword, + role: UserRole.ADMIN, + }); + await this.userRepository.save(newUser); + return { + message: UserMessages.USER_CREATED_SUCCESSFULLY, + }; } - async resendVerification(email: string) { - const user = await this.usersService.findUserByEmail(email); + async verifyOtp(verifyOtpDto: VerifyOtpDto) { + const { email, otp } = verifyOtpDto; + + if (!email) { + throw new BadRequestException(UserMessages.EMAIL_REQUIRED); + } + + if (!otp) { + throw new BadRequestException(UserMessages.OTP_REQUIRED); + } + + const user = await this.userRepository.findOne({ where: { email } }); if (!user) { - throw new NotFoundException('User not found'); + throw new UnauthorizedException(UserMessages.USER_NOT_FOUND); } - if (user.isVerified) { - throw new BadRequestException('Email is already verified'); + if (user.verificationCode !== otp) { + throw new UnauthorizedException(UserMessages.INVALID_OTP); } - // 4. 
Rate Limiting (1 per minute) - const oneMinuteAgo = new Date(Date.now() - 60 * 1000); if ( - user.lastVerificationEmailSent && - user.lastVerificationEmailSent > oneMinuteAgo + !user.verificationCodeExpiresAt || + user.verificationCodeExpiresAt < new Date() ) { - throw new BadRequestException('Please wait 60 seconds before resending'); + throw new UnauthorizedException(UserMessages.OTP_EXPIRED); } - // 5. Generate new token (24h expiry) - const token = randomBytes(32).toString('hex'); - const expiryDate = new Date(); - expiryDate.setHours(expiryDate.getHours() + 24); + user.isVerified = true; + user.verificationCode = ''; + user.verificationCodeExpiresAt = undefined; - // Update user with new token and timestamp - await this.usersService.updateUser(user.id, { - verificationToken: token, - verificationTokenExpiry: expiryDate, - lastVerificationEmailSent: new Date(), - }); + await this.userRepository.save(user); - // 6. Send Email - // await this.emailService.sendVerificationEmail(user.email, token); + const tokens = this.jwtHelper.generateTokens(user); - return { message: 'Verification email sent' }; + return { + message: UserMessages.VERIFY_OTP_SUCCESS, + user: this.userHelper.formatUserResponse(user), + tokens: tokens, + }; } - async forgotPassword(forgotPasswordDto: ForgotPasswordDto) { - const { email } = forgotPasswordDto; - const user = await this.usersService.findUserByEmail(email); - - if (!user) { - // Don't reveal if email exists or not for security - return { - message: - 'If email is registered, password reset instructions have been sent', - }; + async resendVerificationOtp(email: string) { + try { + if (!email) { + throw new BadRequestException(UserMessages.EMAIL_REQUIRED); + } + + const user = await this.userRepository.findOne({ where: { email } }); + if (!user) { + throw new NotFoundException(UserMessages.USER_NOT_FOUND); + } + + const verificationCode = this.userHelper.generateVerificationCode(); + + user.verificationCode = verificationCode; + 
user.verificationCodeExpiresAt = moment().add(10, 'minutes').toDate(); + await this.userRepository.save(user); + + // await this.emailService.sendVerificationEmail( + // user.email, + // verificationCode, + // user.fullName, + // ); + + return { message: UserMessages.OTP_SENT }; + } catch (error) { + throw new InternalServerErrorException( + error || 'Error resending verification code', + ); } + } - // Rate limiting: 3 requests per hour per email - const oneHourAgo = new Date(Date.now() - 60 * 60 * 1000); + async login(loginUserDto: LoginUserDto) { + const user = await this.userRepository.findOne({ + where: { email: loginUserDto.email }, + }); if ( - user.lastPasswordResetSentAt && - user.lastPasswordResetSentAt > oneHourAgo + !user || + !(await this.userHelper.verifyPassword( + loginUserDto.password, + user.password, + )) ) { - throw new BadRequestException( - 'Too many password reset requests. Please wait 1 hour before trying again.', - ); + throw new UnauthorizedException(UserMessages.INVALID_CREDENTIALS); } - // Generate 32-byte random hex token - const token = randomBytes(32).toString('hex'); + if (!user.isVerified) { + await this.resendVerificationOtp(loginUserDto.email); + return { + message: UserMessages.EMAIL_NOT_VERIFIED, + user: this.userHelper.formatUserResponse(user), + }; + } + const tokens = this.jwtHelper.generateTokens(user); + return { + user: this.userHelper.formatUserResponse(user), + tokens: tokens, + }; + } + async refreshToken(refreshToken: string) { + const validatedRefreshToken = + this.jwtHelper.validateRefreshToken(refreshToken); + const userId = Number(validatedRefreshToken); + const user = await this.userRepository.findOne({ + where: { id: userId }, + }); + if (!user) { + throw new UnauthorizedException(UserMessages.INVALID_REFRESH_TOKEN); + } + const accessToken = this.jwtHelper.generateAccessToken(user); + return { accessToken }; + } + async retrieveUserById(userId: number) { + const user = await this.userRepository.findOne({ + where: 
{ id: userId }, + }); + if (!user) { + throw new UnauthorizedException('User not found.'); + } + const result = this.userHelper.formatUserResponse(user); + return result; + } - // Set token expiry to 1 hour - const expiryDate = new Date(); - expiryDate.setHours(expiryDate.getHours() + 1); + async requestResetPasswordOtp( + sendPasswordResetOtpDto: SendPasswordResetOtpDto, + ) { + if (!sendPasswordResetOtpDto.email) { + throw new BadRequestException(UserMessages.EMAIL_REQUIRED); + } - // Update user with reset token and timestamp - await this.usersService.updateUser(user.id, { - passwordResetToken: token, - passwordResetExpiresIn: expiryDate, - lastPasswordResetSentAt: new Date(), + const user = await this.userRepository.findOne({ + where: { email: sendPasswordResetOtpDto.email }, }); - // Send password reset email - // await this.emailService.sendPasswordResetEmail(user.email, token); + if (!user) { + throw new NotFoundException(UserMessages.USER_NOT_FOUND); + } + + const otp = this.userHelper.generateVerificationCode(); + + user.passwordResetCode = otp; + user.passwordResetCodeExpiresAt = moment().add(10, 'minutes').toDate(); + await this.userRepository.save(user); - return { message: 'Password reset instructions sent to email' }; + // await this.emailService.sendPasswordResetEmail( + // user.email, + // otp, + // user.fullName, + // ); + + return { message: UserMessages.OTP_SENT }; } - async validateResetToken(validateResetTokenDto: ValidateResetTokenDto) { - const { token } = validateResetTokenDto; + async resendResetPasswordVerificationOtp(resendOtpDto: ResendOtpDto) { + try { + if (!resendOtpDto.email) { + throw new BadRequestException(UserMessages.EMAIL_REQUIRED); + } + + const user = await this.userRepository.findOne({ + where: { email: resendOtpDto.email }, + }); + if (!user) { + throw new NotFoundException(UserMessages.USER_NOT_FOUND); + } + + const otp = this.userHelper.generateVerificationCode(); + + user.passwordResetCode = otp; + 
user.passwordResetCodeExpiresAt = moment().add(10, 'minutes').toDate(); + await this.userRepository.save(user); + + // await this.emailService.sendPasswordResetEmail( + // user.email, + // otp, + // user.fullName, + // ); + + return { message: UserMessages.OTP_SENT }; + } catch (error) { + throw new InternalServerErrorException( + error || 'Error resending verification code', + ); + } + } - const user = await this.usersService.findByPasswordResetToken(token); + async verifyResetPasswordOtp(verifyOtpDto: VerifyOtpDto) { + if (!verifyOtpDto.email) { + throw new BadRequestException(UserMessages.EMAIL_REQUIRED); + } + + if (!verifyOtpDto.otp) { + throw new BadRequestException(UserMessages.OTP_REQUIRED); + } + + const user = await this.userRepository.findOne({ + where: { email: verifyOtpDto.email }, + }); if (!user) { - throw new BadRequestException('Invalid reset token'); + throw new NotFoundException(UserMessages.USER_NOT_FOUND); + } + + if (user.passwordResetCode !== verifyOtpDto.otp) { + throw new UnauthorizedException(UserMessages.INVALID_OTP); } if ( - !user.passwordResetExpiresIn || - user.passwordResetExpiresIn < new Date() + !user.passwordResetCodeExpiresAt || + (user.passwordResetCodeExpiresAt instanceof Date && + user.passwordResetCodeExpiresAt < new Date()) ) { - throw new BadRequestException('Reset token has expired'); + throw new UnauthorizedException(UserMessages.OTP_EXPIRED); } - return { - message: 'Token is valid', - email: user.email, - }; + await this.userRepository.save(user); + + return { message: UserMessages.OTP_VERIFIED }; } async resetPassword(resetPasswordDto: ResetPasswordDto) { - const { token, newPassword } = resetPasswordDto; + const { otp, newPassword, confirmNewPassword } = resetPasswordDto; - const user = await this.usersService.findByPasswordResetToken(token); + const user = await this.userRepository.findOneBy({ + passwordResetCode: otp, + }); if (!user) { - throw new BadRequestException('Invalid reset token'); + throw new 
NotFoundException(UserMessages.USER_NOT_FOUND); } if ( - !user.passwordResetExpiresIn || - user.passwordResetExpiresIn < new Date() + !user.passwordResetCodeExpiresAt || + user.passwordResetCodeExpiresAt < new Date() ) { - throw new BadRequestException('Reset token has expired'); + throw new UnauthorizedException(UserMessages.OTP_EXPIRED); } - // Hash new password with bcrypt (12 rounds) - const hashedPassword = await this.hashingProvider.hash(newPassword); - - // Update user password and clear reset token - await this.usersService.updateUser(user.id, { - password: hashedPassword, - passwordResetToken: null, - passwordResetExpiresIn: null, - }); + if (!this.userHelper.isValidPassword(newPassword)) { + throw new BadRequestException(UserMessages.IS_VALID_PASSWORD); + } - // Invalidate all user sessions - await this.refreshTokenRepositoryOperations.revokeAllRefreshTokens(user.id); + if (newPassword !== confirmNewPassword) { + throw new BadRequestException(UserMessages.PASSWORDS_DO_NOT_MATCH); + } + user.password = await this.userHelper.hashPassword(newPassword); + user.passwordResetCode = undefined; + user.passwordResetCodeExpiresAt = undefined; - // Send confirmation email - // await this.emailService.sendPasswordChangedEmail(user.email); + await this.userRepository.save(user); - return { message: 'Password reset successful' }; + return { + message: UserMessages.PASSWORDS_RESET_SUCCESSFUL, + }; } } diff --git a/backend/src/auth/common/enum/user-role-enum.ts b/backend/src/auth/common/enum/user-role-enum.ts new file mode 100644 index 0000000..b8c8da5 --- /dev/null +++ b/backend/src/auth/common/enum/user-role-enum.ts @@ -0,0 +1,4 @@ +export enum UserRole { + SUBSCRIBER = 'SUBSCRIBER', + ADMIN = 'ADMIN', +} diff --git a/backend/src/auth/decorators/current.user.decorators.ts b/backend/src/auth/decorators/current.user.decorators.ts new file mode 100644 index 0000000..7fc3ab3 --- /dev/null +++ b/backend/src/auth/decorators/current.user.decorators.ts 
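Review bot: `resetPassword` locates the account with `findOneBy({ passwordResetCode: otp })` and nothing else, so the code alone selects the user — a guessed code (presumably a short numeric one, given the per-digit placeholders in email-sender.ts) resets whichever account currently holds it, two users holding the same code resolve to the wrong one, and nothing binds the step to an account because `ResetPasswordDto` has no email and the preceding `verifyResetPasswordOtp` saves the user unchanged. Add `email` to the DTO and query `where: { email: resetPasswordDto.email, passwordResetCode: otp }`, and add a failed-attempt counter, since the per-email throttling the removed `forgotPassword`/`resendVerification` had is gone and `login` now triggers `resendVerificationOtp` on every unverified login. Separately, `user.passwordResetCode = undefined` and `user.passwordResetCodeExpiresAt = undefined` before `save` do not clear the columns — TypeORM skips `undefined` properties on save (confirm for your version) — so a used code stays valid until it expires; assign `null` and make the columns nullable. `requestResetPasswordOtp` throws `NotFoundException` for unknown emails, reintroducing the account enumeration the removed code deliberately avoided, and the `catch` blocks in both resend methods rewrap the 400/404 they just threw into `InternalServerErrorException(error)`, changing the status and passing the raw error object into the response body. With the refresh-token entity deleted there is also no longer any way to revoke existing sessions after a reset, which the old code did via `revokeAllRefreshTokens`.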
@@ -0,0 +1,8 @@
+import { createParamDecorator, ExecutionContext } from '@nestjs/common';
+import { User } from '../entities/user.entity';
+export const CurrentUser = createParamDecorator(
+(data: unknown, ctx: ExecutionContext): User => {
+const request = ctx.switchToHttp().getRequest<{ user: User }>();
+return request.user;
+},
+);
diff --git a/backend/src/auth/decorators/getCurrentUser.decorator.ts b/backend/src/auth/decorators/getCurrentUser.decorator.ts
deleted file mode 100644
index 3c5970b..0000000
--- a/backend/src/auth/decorators/getCurrentUser.decorator.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-import { createParamDecorator, ExecutionContext } from '@nestjs/common';
-import { User } from '../../users/entities/user.entity';
-
-export const GetCurrentUser = createParamDecorator(
-(key: keyof User | undefined, ctx: ExecutionContext): User | any => {
-const request = ctx.switchToHttp().getRequest();
-const user = request.user;
-
-return key ? user?.[key] : user;
-},
-);
diff --git a/backend/src/auth/decorators/public.decorator.ts b/backend/src/auth/decorators/public.decorator.ts
deleted file mode 100644
index b3845e1..0000000
--- a/backend/src/auth/decorators/public.decorator.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { SetMetadata } from '@nestjs/common';
-
-export const IS_PUBLIC_KEY = 'isPublic';
-export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);
diff --git a/backend/src/auth/decorators/roles.decorator.ts b/backend/src/auth/decorators/roles.decorators.ts
similarity index 72%
rename from backend/src/auth/decorators/roles.decorator.ts
rename to backend/src/auth/decorators/roles.decorators.ts
index 567dfcd..c37d108 100644
--- a/backend/src/auth/decorators/roles.decorator.ts
+++ b/backend/src/auth/decorators/roles.decorators.ts
@@ -1,5 +1,5 @@
 import { SetMetadata } from '@nestjs/common';
-import { UserRole } from '../../users/enums/userRoles.enum';
+import { UserRole } from '../common/enum/user-role-enum';
 export const ROLES_KEY = 'roles';
 export const Roles = (...roles: UserRole[]) => SetMetadata(ROLES_KEY, roles);
diff --git a/backend/src/auth/dto/create-user.dto.ts b/backend/src/auth/dto/create-user.dto.ts
new file mode 100644
index 0000000..1332d7c
--- /dev/null
+++ b/backend/src/auth/dto/create-user.dto.ts
@@ -0,0 +1,14 @@
+import { IsString, MinLength, IsNotEmpty, IsEmail } from 'class-validator';
+
+export class CreateUserDto {
+@IsEmail({}, { message: 'Please provide a valid email' })
+email: string;
+
+@IsNotEmpty({ message: 'fullName can not be empty' })
+@IsString({ message: 'fullName must be a string' })
+fullName: string;
+
+@IsNotEmpty({ message: 'password can not be empty' })
+@MinLength(6, { message: 'password must be at least 6 character long' })
+password: string;
+}
diff --git a/backend/src/auth/dto/disable-2fa.dto.ts b/backend/src/auth/dto/disable-2fa.dto.ts
deleted file mode 100644
index 1e57757..0000000
--- a/backend/src/auth/dto/disable-2fa.dto.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-// dto/disable-2fa.dto.ts
-export class Disable2faDto {
-password: string;
-token: string;
-}
diff --git a/backend/src/auth/dto/forgotPassword.dto.ts b/backend/src/auth/dto/forgotPassword.dto.ts
deleted file mode 100644
index 199f398..0000000
--- a/backend/src/auth/dto/forgotPassword.dto.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-import { IsEmail } from 'class-validator';
-import { ApiProperty } from '@nestjs/swagger';
-
-export class ForgotPasswordDto {
-@ApiProperty({
-description: 'Email address to send password reset instructions to',
-example: 'user@example.com',
-format: 'email',
-})
-@IsEmail()
-email: string;
-}
diff --git a/backend/src/auth/dto/login-user.dto.ts b/backend/src/auth/dto/login-user.dto.ts
new file mode 100644
index 0000000..0aef02b
--- /dev/null
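Review bot: `@MinLength(6, ...)` on `CreateUserDto.password` conflicts with the `@MinLength(8, ...)` that `LoginUserDto` and `ResetPasswordDto` in this same commit enforce, so anyone who registers with a 6- or 7-character password is rejected with a 400 at login before the credential check ever runs. Align registration to the stricter value, `@MinLength(8, { message: 'password must be at least 8 characters long' })`, and consider a `@MaxLength` as well so the hashing helper is never handed unbounded input (bcrypt, if that is what `hashPassword` uses, silently truncates at 72 bytes — confirm in user-helper.ts). Note also that `createUser` re-validates with `userHelper.isValidPassword` and answers a weak password with `ConflictException` (409); that is a validation failure and should be `BadRequestException`, or better, expressed here as a `@Matches` rule so the DTO is the single source of the policy.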
+++ b/backend/src/auth/dto/login-user.dto.ts
@@ -0,0 +1,10 @@
+import { MinLength, IsNotEmpty, IsEmail } from 'class-validator';
+
+export class LoginUserDto {
+@IsEmail({}, { message: 'Please provide a valid email' })
+email: string;
+
+@IsNotEmpty({ message: 'password can not be empty' })
+@MinLength(8, { message: 'password must be at least 8 character long' })
+password: string;
+}
diff --git a/backend/src/auth/dto/logout.dto.ts b/backend/src/auth/dto/logout.dto.ts
deleted file mode 100644
index e1b77ca..0000000
--- a/backend/src/auth/dto/logout.dto.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-import { ApiProperty } from '@nestjs/swagger';
-import { IsNotEmpty, IsString } from 'class-validator';
-
-export class LogoutDto {
-@ApiProperty({
-description: 'Refresh token for the current session',
-example: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
-})
-@IsString()
-@IsNotEmpty()
-refreshToken: string;
-}
diff --git a/backend/src/auth/dto/resend-otp.dto.ts b/backend/src/auth/dto/resend-otp.dto.ts
new file mode 100644
index 0000000..80ec88d
--- /dev/null
+++ b/backend/src/auth/dto/resend-otp.dto.ts
@@ -0,0 +1,7 @@
+import { IsEmail, IsNotEmpty } from 'class-validator';
+
+export class ResendOtpDto {
+@IsNotEmpty({ message: 'email is required' })
+@IsEmail({}, { message: 'Please provide a valid email' })
+email: string;
+}
diff --git a/backend/src/auth/dto/resend-verification.dto.ts b/backend/src/auth/dto/resend-verification.dto.ts
deleted file mode 100644
index f53318e..0000000
--- a/backend/src/auth/dto/resend-verification.dto.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-import { IsEmail, IsNotEmpty } from 'class-validator';
-
-export class ResendVerificationDto {
-@IsEmail()
-@IsNotEmpty()
-email: string;
-}
diff --git a/backend/src/auth/dto/resendVerifyEmail.dto.ts b/backend/src/auth/dto/resendVerifyEmail.dto.ts
deleted file mode 100644
index 610aa7b..0000000
--- a/backend/src/auth/dto/resendVerifyEmail.dto.ts
+++ /dev/null
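Review bot: `@MinLength(8, ...)` on `LoginUserDto.password` enforces a policy at login time that the registration DTO in this commit does not (it accepts 6), so existing accounts with shorter passwords get a 400 `password must be at least 8 character long` and can never reach `login`, and the distinct validation message tells a caller the policy without a credential check. A login DTO should only require presence and type; replace the `@MinLength` line with `@IsString()` and let `AuthService.login` answer every mismatch with the single `INVALID_CREDENTIALS` response. A `@MaxLength` here is still reasonable so oversized bodies are rejected before `verifyPassword` hashes them.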
@@ -1,14 +0,0 @@
-import { IsEmail, IsNotEmpty, MaxLength } from 'class-validator';
-import { ApiProperty } from '@nestjs/swagger';
-
-export class ResendVerifyEmailDto {
-@ApiProperty({
-description: 'User email address',
-example: 'john.doe@example.com',
-maxLength: 50,
-})
-@IsNotEmpty()
-@IsEmail()
-@MaxLength(50)
-email: string;
-}
diff --git a/backend/src/auth/dto/reset-password.dto.ts b/backend/src/auth/dto/reset-password.dto.ts
new file mode 100644
index 0000000..61271b1
--- /dev/null
+++ b/backend/src/auth/dto/reset-password.dto.ts
@@ -0,0 +1,16 @@
+import { IsNotEmpty, IsString, MinLength } from 'class-validator';
+
+export class ResetPasswordDto {
+@IsNotEmpty()
+@IsString()
+otp: string;
+
+@IsNotEmpty()
+@IsString()
+@MinLength(8, { message: 'New password must be at least 8 characters long' })
+newPassword: string;
+
+@IsNotEmpty()
+@IsString()
+confirmNewPassword: string;
+}
diff --git a/backend/src/auth/dto/resetPassword.dto.ts b/backend/src/auth/dto/resetPassword.dto.ts
deleted file mode 100644
index 19c9422..0000000
--- a/backend/src/auth/dto/resetPassword.dto.ts
+++ /dev/null
@@ -1,20 +0,0 @@
-import { IsNotEmpty, MinLength } from 'class-validator';
-import { ApiProperty } from '@nestjs/swagger';
-
-export class ResetPasswordDto {
-@ApiProperty({
-description: 'Password reset token received via email',
-example: 'abc123def456ghi789jkl012mno345pqr678stu901vwx',
-})
-@IsNotEmpty()
-token: string;
-
-@ApiProperty({
-description: 'New password (minimum 8 characters)',
-example: 'NewPassword123!',
-minLength: 8,
-})
-@IsNotEmpty()
-@MinLength(8)
-newPassword: string;
-}
diff --git a/backend/src/auth/dto/send-password-reset-otp.dto.ts b/backend/src/auth/dto/send-password-reset-otp.dto.ts
new file mode 100644
index 0000000..d5ddc89
--- /dev/null
+++ b/backend/src/auth/dto/send-password-reset-otp.dto.ts
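Review bot: `ResetPasswordDto` carries no account identifier — only `otp`, `newPassword` and `confirmNewPassword` — which forces `AuthService.resetPassword` to find the user by the OTP value alone; the deleted `resetPassword.dto.ts` got away with that because its `token` was a 32-byte random hex, while a short emailed code is not a unique, unguessable key. Add `@IsNotEmpty() @IsEmail({}, { message: 'Please provide a valid email' }) email: string;` so the service can scope the lookup to the account that requested the reset (it is already required by the matching `VerifyOtpDto`). Also give `otp` a fixed `@Length(n, n)` matching whatever `generateVerificationCode` produces (its length is not visible in this chunk) so malformed values are rejected before any database query.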
@@ -0,0 +1,7 @@
+import { IsEmail, IsNotEmpty } from 'class-validator';
+
+export class SendPasswordResetOtpDto {
+@IsNotEmpty({ message: 'email is required' })
+@IsEmail({}, { message: 'Please provide a valid email' })
+email: string;
+}
diff --git a/backend/src/auth/dto/setup-2fe,dto.ts b/backend/src/auth/dto/setup-2fe,dto.ts
deleted file mode 100644
index d87d2da..0000000
--- a/backend/src/auth/dto/setup-2fe,dto.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-export class Setup2faDto {
-password: string;
-}
diff --git a/backend/src/auth/dto/validate-reset-token.dto.ts b/backend/src/auth/dto/validate-reset-token.dto.ts
deleted file mode 100644
index 5c53361..0000000
--- a/backend/src/auth/dto/validate-reset-token.dto.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-import { IsNotEmpty } from 'class-validator';
-import { ApiProperty } from '@nestjs/swagger';
-
-export class ValidateResetTokenDto {
-@ApiProperty({
-description: 'Password reset token received via email',
-example: 'abc123def456ghi789jkl012mno345pqr678stu901vwx',
-})
-@IsNotEmpty()
-token: string;
-}
diff --git a/backend/src/auth/dto/verify-2fa.dto.ts b/backend/src/auth/dto/verify-2fa.dto.ts
deleted file mode 100644
index 831fa4d..0000000
--- a/backend/src/auth/dto/verify-2fa.dto.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-export class Verify2faDto {
-token: string;
-}
diff --git a/backend/src/auth/dto/verify-otp.dto.ts b/backend/src/auth/dto/verify-otp.dto.ts
new file mode 100644
index 0000000..d94fdba
--- /dev/null
+++ b/backend/src/auth/dto/verify-otp.dto.ts
@@ -0,0 +1,12 @@
+import { IsEmail, IsNotEmpty, IsString } from 'class-validator';
+
+export class VerifyOtpDto {
+@IsNotEmpty({ message: 'email is required' })
+@IsEmail({}, { message: 'Please provide a valid email' })
+@IsString()
+email: string;
+
+@IsNotEmpty({ message: 'otp is required' })
+@IsString()
+otp: string;
+}
diff --git a/backend/src/auth/dto/verifyEmail.dto.ts b/backend/src/auth/dto/verifyEmail.dto.ts deleted file mode 100644 index 632cf5e..0000000 --- a/backend/src/auth/dto/verifyEmail.dto.ts +++ /dev/null @@ -1,7 +0,0 @@ -import { IsNotEmpty, IsString } from 'class-validator'; - -export class VerifyEmailDto { - @IsString() - @IsNotEmpty() - token: string; -} diff --git a/backend/src/auth/entities/backup-code.entity.ts b/backend/src/auth/entities/backup-code.entity.ts deleted file mode 100644 index 90dd7c4..0000000 --- a/backend/src/auth/entities/backup-code.entity.ts +++ /dev/null @@ -1,27 +0,0 @@ -// backend/src/auth/entities/backup-code.entity.ts -import { - Entity, - PrimaryGeneratedColumn, - Column, - ManyToOne, - CreateDateColumn, -} from 'typeorm'; -import { User } from 'src/users/entities/user.entity'; - -@Entity('backup_codes') -export class BackupCode { - @PrimaryGeneratedColumn('uuid') - id: string; - - @Column() - codeHash: string; - - @Column({ default: false }) - used: boolean; - - @ManyToOne(() => User) - user: User; - - @CreateDateColumn() - createdAt: Date; -} diff --git a/backend/src/auth/entities/refreshToken.entity.ts b/backend/src/auth/entities/refreshToken.entity.ts deleted file mode 100644 index 9531836..0000000 --- a/backend/src/auth/entities/refreshToken.entity.ts +++ /dev/null 
@@ -1,46 +0,0 @@ -import { - Entity, - PrimaryGeneratedColumn, - Column, - ManyToOne, - CreateDateColumn, - UpdateDateColumn, - JoinColumn, -} from 'typeorm'; -import { User } from '../../users/entities/user.entity'; - -@Entity('refresh_tokens') -export class RefreshToken { - @PrimaryGeneratedColumn('uuid') - id: string; - - @Column() - token: string; - - @Column({ type: 'timestamptz' }) - expiresAt: Date; - - @Column({ default: false }) - revoked: boolean; - - @Column({ type: 'timestamptz', nullable: true }) - revokedAt?: Date; - - @Column({ nullable: true }) - userAgent?: string; - - @Column({ nullable: true }) - ipAddress?: string; - - @ManyToOne(() => User, (user) => user.refreshTokens, { - onDelete: 'CASCADE', - }) - @JoinColumn() - user: User; - - @CreateDateColumn() - createdAt: Date; - - @UpdateDateColumn() - updatedAt: Date; -} diff --git a/backend/src/auth/entities/two-fa.entity.ts b/backend/src/auth/entities/two-fa.entity.ts deleted file mode 100644 index 6c50a24..0000000 --- a/backend/src/auth/entities/two-fa.entity.ts +++ /dev/null @@ -1,35 +0,0 @@ -// backend/src/auth/entities/two-factor-secret.entity.ts -import { - Entity, - PrimaryGeneratedColumn, - Column, - OneToOne, - JoinColumn, - CreateDateColumn, -} from 'typeorm'; -import { User } from 'src/users/entities/user.entity'; - -@Entity('two_factor_secrets') -export class TwoFactorSecret { - @PrimaryGeneratedColumn('uuid') - id: string; - - @Column() - encryptedSecret: string; - - @Column({ default: false }) - isEnabled: boolean; - - @Column({ default: 0 }) - failedAttempts: number; - - @Column({ nullable: true }) - lockedUntil: Date; - - @OneToOne(() => User) - @JoinColumn() - user: User; - - @CreateDateColumn() - createdAt: Date; -} diff --git a/backend/src/auth/entities/user.entity.ts b/backend/src/auth/entities/user.entity.ts new file mode 100644 index 0000000..b990186 --- /dev/null +++ b/backend/src/auth/entities/user.entity.ts 
@@ -0,0 +1,47 @@
+import {
+Column,
+CreateDateColumn,
+Entity,
+PrimaryGeneratedColumn,
+UpdateDateColumn,
+} from 'typeorm';
+import { UserRole } from '../common/enum/user-role-enum';
+import { Exclude } from 'class-transformer';
+
+@Entity()
+export class User {
+@PrimaryGeneratedColumn()
+id: number;
+@Column({ unique: true })
+email: string;
+@Column()
+fullName: string;
+@Column()
+@Exclude()
+password: string;
+@Column({
+type: 'enum',
+enum: UserRole,
+default: UserRole.SUBSCRIBER,
+})
+role: UserRole;
+
+@Column({ nullable: true })
+verificationCode?: string;
+
+@CreateDateColumn()
+verificationCodeExpiresAt?: Date;
+
+@Column({ nullable: true })
+passwordResetCode?: string;
+
+@Column({ default: false })
+isVerified: boolean;
+
+@CreateDateColumn()
+passwordResetCodeExpiresAt?: Date;
+
+createdAt: Date;
+@UpdateDateColumn()
+updatedAt: Date;
+}
diff --git a/backend/src/auth/guards/local.guard.ts b/backend/src/auth/guard/jwt.auth.guard.ts
similarity index 64%
rename from backend/src/auth/guards/local.guard.ts
rename to backend/src/auth/guard/jwt.auth.guard.ts
index ccf962b..41bf8a3 100644
--- a/backend/src/auth/guards/local.guard.ts
+++ b/backend/src/auth/guard/jwt.auth.guard.ts
@@ -1,5 +1,4 @@
 import { Injectable } from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
-
 @Injectable()
-export class LocalAuthGuard extends AuthGuard('local') {}
+export class JwtAuthGuard extends AuthGuard('jwt') {}
diff --git a/backend/src/auth/guard/roles.guard.ts b/backend/src/auth/guard/roles.guard.ts
new file mode 100644
index 0000000..c1a63d1
--- /dev/null
+++ b/backend/src/auth/guard/roles.guard.ts
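Review bot: `createdAt: Date;` has no column decorator and is therefore never persisted, while `@CreateDateColumn()` is attached to `verificationCodeExpiresAt` and `passwordResetCodeExpiresAt` — that turns the two expiry fields into NOT NULL, database-managed insertion timestamps rather than the nullable values that auth.service.ts sets to `now + 10 minutes` and later tries to clear, so the clearing has no effect and whether a service-supplied value even wins over the column default depends on the driver (confirm). Declare them as plain nullable timestamps and move `@CreateDateColumn()` onto `createdAt`, as below. The verification and reset codes are also stored in clear text, so a read-only leak of the `user` table hands out live reset codes; the `BackupCode` entity this commit deletes stored a `codeHash`, and the same approach (hash on write, compare on lookup) fits here. `@Exclude()` on `password` only takes effect when a response passes through `ClassSerializerInterceptor`; the service returns `formatUserResponse(user)` instead, so that decorator may be doing nothing — worth checking which path is relied on.

```typescript
@Column({ type: 'timestamptz', nullable: true })
verificationCodeExpiresAt?: Date | null;

// … unchanged: passwordResetCode, isVerified …

@Column({ type: 'timestamptz', nullable: true })
passwordResetCodeExpiresAt?: Date | null;

@CreateDateColumn()
createdAt: Date;
```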
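Review bot: the new `JwtAuthGuard` is a bare `AuthGuard('jwt')`, whereas the `JwtAuthGuard` deleted elsewhere in this commit checked `IS_PUBLIC_KEY` and `public.decorator.ts` is removed too, so there is no longer any opt-out for unauthenticated routes. If the guard is bound globally via `APP_GUARD` (not visible in this chunk) the register, login and OTP endpoints become unreachable; if it is applied per route with `@UseGuards(JwtAuthGuard)` there is no issue. Please confirm which, and if it is global, restore the `@Public()` decorator and the `reflector.getAllAndOverride(IS_PUBLIC_KEY, ...)` short-circuit in `canActivate`.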
@@ -0,0 +1,42 @@
+import {
+Injectable,
+CanActivate,
+ExecutionContext,
+ForbiddenException,
+} from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import { UserRole } from '../common/enum/user-role-enum';
+import { ROLES_KEY } from '../decorators/roles.decorators';
+
+@Injectable()
+export class RolesGuard implements CanActivate {
+constructor(private reflector: Reflector) {}
+
+canActivate(context: ExecutionContext): boolean {
+const requiredRoles = this.reflector.getAllAndOverride(
+ROLES_KEY,
+[context.getHandler(), context.getClass()],
+);
+
+if (!requiredRoles) {
+return true;
+}
+
+const request = context
+.switchToHttp()
+.getRequest<{ user?: { role?: UserRole } }>();
+const { user } = request;
+
+if (!user) {
+throw new ForbiddenException('user not authenticated');
+}
+const hasRequiredRole = requiredRoles.some((role) => user.role === role);
+
+if (!hasRequiredRole) {
+throw new ForbiddenException(
+'You do not have permission to perform this action',
+);
+}
+return true;
+}
+}
diff --git a/backend/src/auth/guards/jwt.guard.ts b/backend/src/auth/guards/jwt.guard.ts
deleted file mode 100644
index dfaa521..0000000
--- a/backend/src/auth/guards/jwt.guard.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-import { ExecutionContext, Injectable } from '@nestjs/common';
-import { Reflector } from '@nestjs/core';
-import { AuthGuard } from '@nestjs/passport';
-import { IS_PUBLIC_KEY } from '../decorators/public.decorator';
-
-@Injectable()
-export class JwtAuthGuard extends AuthGuard('jwt') {
-constructor(private reflector: Reflector) {
-super();
-}
-
-canActivate(context: ExecutionContext) {
-const isPublic = this.reflector.getAllAndOverride(IS_PUBLIC_KEY, [
-context.getHandler(),
-context.getClass(),
-]);
-
-if (isPublic) {
-return true;
-}
-
-return super.canActivate(context);
-}
-}
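Review bot: `if (!user) { throw new ForbiddenException('user not authenticated'); }` reports a missing principal as 403, but no authenticated user is an authentication failure and should be `throw new UnauthorizedException('user not authenticated');` — 403 tells the client it is known but lacks rights, which is the wrong signal and the branch is hit whenever `RolesGuard` is listed before `JwtAuthGuard` in a `@UseGuards(...)` call. The role check itself reads `user.role` off `request.user`, which `JwtStrategy` (outside this chunk) populates; if that is the raw JWT payload rather than a fresh database read, a demotion in the `user` table is not enforced until the access token expires, so document the expected `validate()` contract in a comment above `canActivate`, e.g. `// request.user is set by JwtStrategy.validate; role must come from a current DB read, not the token claims`. The `getAllAndOverride` generic was presumably `<UserRole[]>` and has been lost in rendering; keep it so `requiredRoles.some(...)` stays typed.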
diff --git a/backend/src/auth/guards/refreshToken.guard.ts b/backend/src/auth/guards/refreshToken.guard.ts
deleted file mode 100644
index f01aec3..0000000
--- a/backend/src/auth/guards/refreshToken.guard.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-import { Injectable } from '@nestjs/common';
-import { AuthGuard } from '@nestjs/passport';
-
-@Injectable()
-export class RefreshTokenGuard extends AuthGuard('jwt-refresh') {}
diff --git a/backend/src/auth/guards/roles.guard.ts b/backend/src/auth/guards/roles.guard.ts
deleted file mode 100644
index 321cbc8..0000000
--- a/backend/src/auth/guards/roles.guard.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
-import { Reflector } from '@nestjs/core';
-import { ROLES_KEY } from '../decorators/roles.decorator';
-
-@Injectable()
-export class RolesGuard implements CanActivate {
-constructor(private readonly reflector: Reflector) {}
-
-canActivate(context: ExecutionContext): boolean {
-const requiredRoles = this.reflector.getAllAndOverride(ROLES_KEY, [
-context.getHandler(),
-context.getClass(),
-]);
-
-if (!requiredRoles) {
-return true;
-}
-
-const { user } = context.switchToHttp().getRequest();
-const isUserRoleValid = requiredRoles.some((role) => role === user.role);
-
-return isUserRoleValid;
-}
-}
diff --git a/backend/src/auth/helper/email-sender.ts b/backend/src/auth/helper/email-sender.ts
new file mode 100644
index 0000000..17e95eb
--- /dev/null
+++ b/backend/src/auth/helper/email-sender.ts
@@ -0,0 +1,86 @@
+import {
+ Injectable,
+ InternalServerErrorException,
+ Logger,
+} from '@nestjs/common';
+import {
+ sendgridClient,
+ sendgridSender,
+} from '../../config/email/sendgrid-config';
+import {
+ loadHtmlTemplate,
+ replacePlaceholders,
+} from '../../config/email/email.service';
+
+@Injectable()
+export class EmailService {
+ private readonly logger = new Logger(EmailService.name);
+
+ async sendEmail(to: string, subject: string, htmlBody: string) {
+ const msg = {
+ to,
+ from: sendgridSender,
+ subject,
+ html: htmlBody,
+ };
+
+ try {
+ await sendgridClient.send(msg);
+ this.logger.log(`Email sent successfully to ${to}`);
+ return { success: true };
+ } catch (error: unknown) {
+ if (typeof error === 'object' && error !== null && 'response' in error) {
+ const errObj = error as { response?: { body?: any }; message?: string };
+ this.logger.error(
+ `SendGrid send failed for ${to}: ${JSON.stringify(errObj.response?.body) || errObj.message}`,
+ );
+ } else {
+ this.logger.error(`SendGrid send failed for ${to}: ${String(error)}`);
+ }
+
+ throw new InternalServerErrorException('Failed to send email');
+ }
+ }
+
+ async sendVerificationEmail(to: string, otp: string, fullName: string) {
+ try {
+ let htmlContent = await loadHtmlTemplate('verification-email');
+
+ const placeholders: Record = { fullName };
+ otp.split('').forEach((digit, index) => {
+ placeholders[`otp${index + 1}`] = digit;
+ });
+
+ htmlContent = replacePlaceholders(htmlContent, placeholders);
+
+ await this.sendEmail(to, 'OTP Verification Code', htmlContent);
+ this.logger.log(`OTP email sent successfully to ${to}`);
+ } catch (error) {
+ this.logger.error(`Error sending OTP email to ${to}: ${error}`);
+ throw new InternalServerErrorException('Error in sending OTP email');
+ }
+ }
+
+ async sendPasswordResetEmail(to: string, otp: string, fullName: string) {
+ try {
+ let htmlContent = await loadHtmlTemplate('reset-password-email');
+
+ const placeholders: Record = { fullName: 
fullName };
+ otp.split('').forEach((digit, index) => {
+ placeholders[`otp${index + 1}`] = digit;
+ });
+
+ htmlContent = replacePlaceholders(htmlContent, placeholders);
+
+ await this.sendEmail(to, 'Password Reset Code', htmlContent);
+ this.logger.log(`Password reset email sent successfully to ${to}`);
+ } catch (error) {
+ this.logger.error(
+ `Error sending password reset email to ${to}: ${error}`,
+ );
+ throw new InternalServerErrorException(
+ 'Error in sending password reset email',
+ );
+ }
+ }
+}
diff --git a/backend/src/auth/helper/jwt-helper.ts b/backend/src/auth/helper/jwt-helper.ts
new file mode 100644
index 0000000..f7b70cd
--- /dev/null
+++ b/backend/src/auth/helper/jwt-helper.ts
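Review bot: sendVerificationEmail and sendPasswordResetEmail are the same body twice, differing only in template name, subject and log text; the OTP-to-placeholder loop and the template substitution belong in one private helper so the two paths cannot drift. The helper is also the natural place to document the contract the loop imposes on the HTML templates — one placeholder per digit, named `otp1` through `otpN` for an N-digit code — since nothing in this file checks that the template actually has them and a mismatch silently ships an incomplete code. The outer catch in each method rewraps the InternalServerErrorException already thrown by sendEmail, so the SendGrid detail logged there is followed by a second, less specific log line; if the wrapper is kept, passing `{ cause: error }` to the new exception preserves the chain (Nest's HttpException accepts it in recent versions — confirm for the pinned version).
```typescript
  // Loads `template`, fills fullName and one otp<N> placeholder per digit, and sends it.
  private async sendOtpEmail(
    to: string,
    otp: string,
    fullName: string,
    template: string,
    subject: string,
  ) {
    let htmlContent = await loadHtmlTemplate(template);
    // Templates must expose placeholders otp1..otpN for an N-digit code.
    const placeholders: Record<string, string> = { fullName };
    [...otp].forEach((digit, index) => {
      placeholders[`otp${index + 1}`] = digit;
    });
    htmlContent = replacePlaceholders(htmlContent, placeholders);
    await this.sendEmail(to, subject, htmlContent);
  }

  async sendVerificationEmail(to: string, otp: string, fullName: string) {
    try {
      await this.sendOtpEmail(to, otp, fullName, 'verification-email', 'OTP Verification Code');
      this.logger.log(`OTP email sent successfully to ${to}`);
    } catch (error) {
      this.logger.error(`Error sending OTP email to ${to}: ${error}`);
      throw new InternalServerErrorException('Error in sending OTP email');
    }
  }

  // … unchanged: sendPasswordResetEmail, same shape with 'reset-password-email' / 'Password Reset Code' …
```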
@@ -0,0 +1,62 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { JwtService } from '@nestjs/jwt';
+import { UserMessages } from './user-messages';
+import { JwtPayload } from '../interface/user.interface';
+import { User } from '../entities/user.entity';
+
+type JwtExpiry = `${number}${'s' | 'm' | 'h' | 'd'}` | number;
+
+@Injectable()
+export class JwtHelper {
+ constructor(private readonly jwtService: JwtService) {}
+
+ public validateRefreshToken(refreshToken: string): number | null {
+ try {
+ const payload = this.jwtService.verify(refreshToken, {
+ secret: process.env.REFRESH_TOKEN_SECRET as string,
+ });
+
+ return payload?.userId ?? null;
+ } catch (error: unknown) {
+ if (error instanceof Error) {
+ console.error('JWT verification failed:', error.message);
+ } else {
+ console.error('JWT verification failed:', error);
+ }
+ throw new UnauthorizedException(UserMessages.INVALID_REFRESH_TOKEN);
+ }
+ }
+
+ public generateAccessToken(user: User): string {
+ const payload: JwtPayload = {
+ userId: user.id,
+ email: user.email,
+ fullName: user.fullName,
+ };
+
+ return this.jwtService.sign(payload, {
+ secret: process.env.ACCESS_TOKEN_SECRET as string,
+ expiresIn: (process.env.ACCESS_TOKEN_EXPIRATION ?? '1h') as JwtExpiry,
+ });
+ }
+
+ public generateRefreshToken(user: User): string {
+ const payload: JwtPayload = {
+ userId: user.id,
+ email: user.email,
+ fullName: user.fullName,
+ };
+
+ return this.jwtService.sign(payload, {
+ secret: process.env.REFRESH_TOKEN_SECRET as string,
+ expiresIn: (process.env.REFRESH_TOKEN_EXPIRATION ?? '7d') as JwtExpiry,
+ });
+ }
+
+ public generateTokens(user: User) {
+ return {
+ accessToken: this.generateAccessToken(user),
+ refreshToken: this.generateRefreshToken(user),
+ };
+ }
+}
diff --git a/backend/src/auth/helper/user-helper.ts b/backend/src/auth/helper/user-helper.ts
new file mode 100644
index 0000000..ecb9503
--- /dev/null
+++ b/backend/src/auth/helper/user-helper.ts
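Review bot: generateAccessToken signs `{ userId, email, fullName }` with no `sub` and no `role` claim and passes no `subject` option, yet the new strategy/jwt.strategy.ts in this same patch reads `payload.sub` and `payload.role`; as written `Number(payload.sub)` is `NaN`, so the user lookup cannot succeed, and any request that did get through would carry `role: undefined` into RolesGuard. Either sign `sub: String(user.id), role: user.role` alongside `userId`, or have the strategy read `payload.userId`, and make the exported JwtPayload in interface/user.interface.ts the one definition both sides import. Access and refresh tokens are otherwise identical claim sets that differ only by signing secret, so a deployment that sets ACCESS_TOKEN_SECRET and REFRESH_TOKEN_SECRET to the same value lets either token stand in for the other; a `type: 'refresh'` claim set here and checked in validateRefreshToken removes that dependence on configuration. The `console.error` calls also sit oddly next to the Nest `Logger` used in email-sender.ts.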
@@ -0,0 +1,44 @@
+import { Injectable } from '@nestjs/common';
+import { User } from '../entities/user.entity';
+import * as bcrypt from 'bcrypt';
+@Injectable()
+export class UserHelper {
+ public async verifyPassword(
+ plainPassword: string,
+ hashedPassword: string,
+ ): Promise {
+ return bcrypt.compare(plainPassword, hashedPassword);
+ }
+
+ public async hashPassword(password: string): Promise {
+ return bcrypt.hash(password, 10);
+ }
+
+ public formatUserResponse(user: User) {
+ return {
+ id: user.id,
+ email: user.email,
+ fullName: user.fullName,
+ role: user.role,
+ isVerified: user.isVerified,
+ };
+ }
+
+ public isValidPassword(password: string) {
+ const minLength = 8;
+ const hasUpperCase = /[A-Z]/.test(password);
+ const hasLowerCase = /[a-z]/.test(password);
+ const hasDigits = /\d/.test(password);
+
+ return (
+ password.length >= minLength && hasUpperCase && hasLowerCase && hasDigits
+ );
+ }
+
+ public generateVerificationCode(digits: number = 4): string {
+ const max = Math.pow(10, digits) - 1;
+ const min = Math.pow(10, digits - 1);
+
+ return (Math.floor(Math.random() * (max - min + 1)) + min).toString();
+ }
+}
diff --git a/backend/src/auth/helper/user-messages.ts b/backend/src/auth/helper/user-messages.ts
new file mode 100644
index 0000000..2c70e71
--- /dev/null
+++ b/backend/src/auth/helper/user-messages.ts
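Review bot: generateVerificationCode draws the email-verification and password-reset OTP from `Math.random()`, which is not a cryptographically secure generator; a code that gates a password reset should come from Node's CSPRNG, e.g. `import { randomInt } from 'node:crypto';` at the top and `return randomInt(0, 10 ** digits).toString().padStart(digits, '0');` as the body. That form also keeps leading zeros: the current `min = 10^(digits-1)` floor means a 4-digit code has only 9000 possible values rather than 10000. How many guesses a caller allows before the code expires is the other half of this helper's security margin and lives in auth.service.ts, outside this hunk; a short comment here naming the default length and pointing at that limit would help the next reader. Separately, isValidPassword sets only a minimum while `bcrypt.hash` considers at most the first 72 bytes of input, so adding an upper bound (≤ 72 bytes) keeps the policy the validator checks equal to what is actually hashed.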
@@ -0,0 +1,23 @@
+export const UserMessages = {
+ EMAIL_ALREADY_EXIST: 'user already in exist, please login',
+ INVALID_CREDENTIALS: 'Invalid credentials or account not exists',
+ INVALID_REFRESH_TOKEN: 'Invalid or expired refresh token',
+ USER_CREATED_SUCCESSFULLY: 'User created successfully.',
+ USER_NOT_FOUND: 'User not found.',
+ INVALID_ACCESS_TOKEN: 'Invalid access token.',
+ OTP_SENT: 'An Otp Code has been sent to your Email',
+ EMAIL_NOT_VERIFIED: 'Please verify your email before logging in',
+ OTP_REQUIRED: 'Verification code is required',
+ REFRESH_TOKEN_SUCCESS: 'access token generated successfully ',
+ OTP_VERIFIED: 'OTP verified successfully',
+ ACCESS_TOKEN_SECRET_NOT_SET:
+ 'ACCESS_TOKEN_SECRET environment variable is not defined',
+ IS_VALID_PASSWORD:
+ 'Password must be at least 8 characters long, contain uppercase and lowercase letters, and at least one digit.',
+ INVALID_OTP: 'Invalid otp code',
+ OTP_EXPIRED: 'Otp code has Expired',
+ EMAIL_REQUIRED: 'Email is required',
+ VERIFY_OTP_SUCCESS: 'Email verified successfully',
+ PASSWORDS_DO_NOT_MATCH: 'New Password and Confirm Password must Match.',
+ PASSWORDS_RESET_SUCCESSFUL: 'Password reset successfully',
+};
diff --git a/backend/src/auth/http/post.auth.endpoints.http b/backend/src/auth/http/post.auth.endpoints.http
deleted file mode 100644
index afe1bb4..0000000
--- a/backend/src/auth/http/post.auth.endpoints.http
+++ /dev/null
@@ -1,20 +0,0 @@
-
-// CREATE NEW USER
-POST http://localhost:6000/auth/register
-Content-Type: application/json
-
-{
- "firstname": "test",
- "lastname": "user",
- "email": "testuser@gmail.com",
- "password": "Testing123.56"
-}
-
-// LOGIN USER
-POST http://localhost:6000/auth/login
-Content-Type: application/json
-
-{
- "email": "testuser@gmail.com",
- "password": "Testing123.56"
-}
\ No newline at end of file
diff --git a/backend/src/auth/interface/user.interface.ts b/backend/src/auth/interface/user.interface.ts
new file mode 100644
index 0000000..d4c130a
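Review bot: Several user-facing strings have grammar slips that will reach clients verbatim: `EMAIL_ALREADY_EXIST: 'User already exists, please login',`, `INVALID_CREDENTIALS: 'Invalid credentials or account does not exist',`, and `REFRESH_TOKEN_SUCCESS` carries a trailing space inside the quotes. Worth noting while the wording is being settled: EMAIL_ALREADY_EXIST tells a caller whether an address is registered, whereas INVALID_CREDENTIALS deliberately does not; if account enumeration matters for this product, the register and forgot-password flows in auth.service.ts (outside this hunk) should respond uniformly regardless of which strings are chosen here, and a one-line comment above the object stating which messages are safe to show to unauthenticated callers would make that intent explicit.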
--- /dev/null
+++ b/backend/src/auth/interface/user.interface.ts
@@ -0,0 +1,8 @@
+export interface JwtPayload {
+ userId: number;
+ email?: string;
+ fullName?: string;
+ role?: string;
+ iat?: string;
+ exp?: string;
+}
diff --git a/backend/src/auth/interfaces/authResponse.interface.ts b/backend/src/auth/interfaces/authResponse.interface.ts
deleted file mode 100644
index 6289761..0000000
--- a/backend/src/auth/interfaces/authResponse.interface.ts
+++ /dev/null
@@ -1,6 +0,0 @@
-import { User } from '../../users/entities/user.entity';
-
-export interface AuthResponse {
- user: User;
- accessToken: string;
-}
diff --git a/backend/src/auth/interfaces/tokenPayload.interface.ts b/backend/src/auth/interfaces/tokenPayload.interface.ts
deleted file mode 100644
index 73d46ee..0000000
--- a/backend/src/auth/interfaces/tokenPayload.interface.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-export interface TokenPayload {
- userId?: string;
- sub?: string;
- email?: string;
- role?: string;
- iat?: number;
- exp?: number;
-}
diff --git a/backend/src/auth/providers/RefreshTokenCrud.repository.ts b/backend/src/auth/providers/RefreshTokenCrud.repository.ts
deleted file mode 100644
index 25228b3..0000000
--- a/backend/src/auth/providers/RefreshTokenCrud.repository.ts
+++ /dev/null
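Review bot: `iat?: string; exp?: string;` in JwtPayload mistype the registered claims — JWT `iat`/`exp` are NumericDate values (seconds since the epoch) that the signing library sets and reads as numbers, and the deleted TokenPayload as well as the local interface in the new strategy/jwt.strategy.ts both declare them as `number`. Change to `iat?: number;` and `exp?: number;`, and since this is the exported definition, have jwt.strategy.ts import it rather than redeclare its own shape with a different field set. A short doc comment stating which claims JwtHelper actually signs (`userId`, `email`, `fullName`) versus which are only optionally present would keep consumers from reading claims that are never written.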
@@ -1,148 +0,0 @@ -import { - BadRequestException, - Inject, - Injectable, - RequestTimeoutException, - UnauthorizedException, -} from '@nestjs/common'; -import { InjectRepository } from '@nestjs/typeorm'; -import { RefreshToken } from '../entities/refreshToken.entity'; -import { Repository } from 'typeorm'; -import { User } from 'src/users/entities/user.entity'; -import { Request } from 'express'; -import { ConfigService } from '@nestjs/config'; -import { HashingProvider } from './hashing.provider'; -import { FindOneRefreshTokenProvider } from './findOneRefreshToken.provider'; - -@Injectable() -export class RefreshTokenRepositoryOperations { - constructor( - @InjectRepository(RefreshToken) - private readonly refreshTokenEntity: Repository, - - private readonly configService: ConfigService, - - private readonly hashingProvider: HashingProvider, - - private readonly findOneRefreshTokenProvider: FindOneRefreshTokenProvider, - ) {} - - // [1] save the refresh token to the databse - public async saveRefreshToken( - user: User, - token: string, - req?: Request, - ): Promise { - let savedRefreshTokenEntity: RefreshToken; - - const raw = this.configService.get('JWT_REFRESH_EXPIRATION'); // e.g. 
"604800" or "604800000" - let expirationSeconds: number; - - if (parseInt(raw) > 1000000) { - // looks like milliseconds - expirationSeconds = Math.floor(parseInt(raw) / 1000); - } else { - // already seconds - expirationSeconds = parseInt(raw); - } - - const expiresAt = new Date(Date.now() + expirationSeconds * 1000); - - const refreshTokenEntityData: Partial = { - user, - token: await this.hashingProvider.hash(token), - expiresAt, - }; - - // conditionally add the metadata fileds - if (req) { - refreshTokenEntityData.userAgent = req.headers['user-agent'] || 'unknown'; - refreshTokenEntityData.ipAddress = req.ip || 'unknown'; - } - - // create a new refresh token entity - savedRefreshTokenEntity = this.refreshTokenEntity.create( - refreshTokenEntityData, - ); - - try { - savedRefreshTokenEntity = await this.refreshTokenEntity.save( - savedRefreshTokenEntity, - ); - } catch (error) { - throw new RequestTimeoutException('Error connecting to the database'); - } - - if (!savedRefreshTokenEntity) { - throw new BadRequestException('Error saving refresh token to database'); - } - - return savedRefreshTokenEntity; - } - - // [2] find one refresh token from the database and return it - public async findOneRefreshToken(userId: string, userToken: string) { - const refreshToken = - await this.findOneRefreshTokenProvider.findRefreshToken( - userId, - userToken, - ); - - return refreshToken; - } - - // [3] invalidate/revoke a refresh token entity - public async revokeSingleRefreshToken(userId: string, userToken: string) { - let refreshToken: RefreshToken; - - refreshToken = await this.findOneRefreshTokenProvider.findRefreshToken( - userId, - userToken, - ); - - const now = new Date(); - - refreshToken.revoked = true; - refreshToken.revokedAt = now; - await this.refreshTokenEntity.save(refreshToken); - - return { - loggedOut: true, - refreshToken, - }; - } - - // [4] invalidate/revoke all refresh token entity of the user - public async revokeAllRefreshTokens(userId: string) { - 
const allRefreshTokenEntities = await this.refreshTokenEntity.find({ - where: { - user: { - id: userId, - }, - revoked: false, - }, - }); - - if (!allRefreshTokenEntities.length) { - return { - revokedAllSessions: false, - revokedCount: 0, - }; - } - - const now = new Date(); - - const revokedTokens = allRefreshTokenEntities.map((token) => { - token.revoked = true; - token.revokedAt = now; - return token; - }); - - await this.refreshTokenEntity.save(revokedTokens); - - return { - revokedAllSessions: true, - revokedCount: revokedTokens.length, - }; - } -} diff --git a/backend/src/auth/providers/auth.service.ts b/backend/src/auth/providers/auth.service.ts deleted file mode 100644 index 6305abf..0000000 --- a/backend/src/auth/providers/auth.service.ts +++ /dev/null 
@@ -1,138 +0,0 @@ -import { - Injectable, - UnauthorizedException, - BadRequestException, -} from '@nestjs/common'; -import { UsersService } from '../../users/providers/users.service'; -import { CreateUserDto } from '../../users/dto/createUser.dto'; -import { User } from '../../users/entities/user.entity'; -import { LoginUserProvider } from './loginUser.provider'; -import { AuthResponse } from '../interfaces/authResponse.interface'; -import { Response } from 'express'; -import { VerifyEmailProvider } from './verifyEmail.provider'; -import { ResendVerificationEmailProvider } from './resendVerificationEmail.provider'; -import { RefreshTokenRepositoryOperations } from './RefreshTokenCrud.repository'; - -@Injectable() -export class AuthService { - constructor( - private readonly usersService: UsersService, - private readonly loginUserProvider: LoginUserProvider, - private readonly verifyEmailProvider: VerifyEmailProvider, - private readonly resendVerificationEmailProvider: ResendVerificationEmailProvider, - private readonly refreshTokenRepositoryOperations: RefreshTokenRepositoryOperations, - ) {} - - // CREATE USER - async createUser( - createUserDto: CreateUserDto, - response: Response, - ): Promise { - return await this.usersService.createUser(createUserDto, response); - } - - // VALIDATE USER - public async validateUser( - email: string, - password: string, - ): Promise> { - return await this.usersService.validateUser(email, password); - } - - // LOGIN USER - public async loginUser( - user: User, - response: Response, - ): Promise { - return await this.loginUserProvider.loginUser(user, response); - } - - // FORGOT PASSWORD - public async forgotPassword(email: string) { - return await this.usersService.forgotPassword(email); - } - - // RESET PASSWORD - public async resetPassword(token: string, newPassword: string) { - return await this.usersService.resetPassword(token, newPassword); - } - - // VALIDATE RESET TOKEN - public async validateResetToken(token: string) { - 
const user = await this.usersService.findByPasswordResetToken(token); - - if (!user) { - throw new BadRequestException('Invalid reset token'); - } - - if ( - !user.passwordResetExpiresIn || - user.passwordResetExpiresIn < new Date() - ) { - throw new BadRequestException('Reset token has expired'); - } - - return { - message: 'Token is valid', - email: user.email, - }; - } - public async verifyEmail(token: string): Promise<{ message: string }> { - return await this.verifyEmailProvider.verifyEmail(token); - } - - public async resendVerificationEmail( - email: string, - ): Promise<{ message: string }> { - return await this.resendVerificationEmailProvider.resendVerificationEmail( - email, - ); - } - - public async logout( - userId: string, - refreshToken: string, - response: Response, - ): Promise<{ message: string }> { - if (!refreshToken) { - throw new UnauthorizedException('No active session found'); - } - - await this.refreshTokenRepositoryOperations.revokeSingleRefreshToken( - userId, - refreshToken, - ); - - response.clearCookie('authRefreshToken', { - httpOnly: true, - secure: true, - sameSite: 'none', - path: '/auth/refresh-token', - }); - - return { message: 'Logged out successfully' }; - } - - public async logoutAllSessions( - userId: string, - response: Response, - ): Promise<{ message: string }> { - const revoked = - await this.refreshTokenRepositoryOperations.revokeAllRefreshTokens( - userId, - ); - - if (!revoked.revokedCount) { - throw new UnauthorizedException('No active sessions found'); - } - - response.clearCookie('authRefreshToken', { - httpOnly: true, - secure: true, - sameSite: 'none', - path: '/auth/refresh-token', - }); - - return { message: 'Logged out from all sessions successfully' }; - } -} diff --git a/backend/src/auth/providers/bcrypt.provider.ts b/backend/src/auth/providers/bcrypt.provider.ts deleted file mode 100644 index dd35725..0000000 --- a/backend/src/auth/providers/bcrypt.provider.ts +++ /dev/null 
@@ -1,20 +0,0 @@ -import { Injectable } from '@nestjs/common'; -import { HashingProvider } from './hashing.provider'; -import * as bcrypt from 'bcrypt'; - -@Injectable() -export class BcryptProvider extends HashingProvider { - async hash(data: string | Buffer): Promise { - const salt = await bcrypt.genSalt(10); - - const hashedData = await bcrypt.hash(data, salt); - - return hashedData; - } - - async compare(data: string | Buffer, hashedData: string): Promise { - const result = await bcrypt.compare(data, hashedData); - - return result; - } -} diff --git a/backend/src/auth/providers/findOneRefreshToken.provider.ts b/backend/src/auth/providers/findOneRefreshToken.provider.ts deleted file mode 100644 index f85481e..0000000 --- a/backend/src/auth/providers/findOneRefreshToken.provider.ts +++ /dev/null 
@@ -1,58 +0,0 @@ -import { - Injectable, - RequestTimeoutException, - UnauthorizedException, -} from '@nestjs/common'; -import { RefreshToken } from '../entities/refreshToken.entity'; -import { HashingProvider } from './hashing.provider'; -import { InjectRepository } from '@nestjs/typeorm'; -import { Repository } from 'typeorm'; - -@Injectable() -export class FindOneRefreshTokenProvider { - constructor( - @InjectRepository(RefreshToken) - private readonly refreshTokenEntity: Repository, - private readonly hashingProvider: HashingProvider, - ) {} - - public async findRefreshToken(userId: string, userRefreshToken: string) { - let userTokens: RefreshToken[]; - - try { - userTokens = await this.refreshTokenEntity.find({ - where: { - user: { - id: userId, - }, - }, - relations: ['user'], - }); - } catch (error) { - throw new RequestTimeoutException('Error connecting to the database'); - } - - if (!userTokens || userTokens.length === 0) { - throw new UnauthorizedException('Invalid refresh token'); - } - - // compare provided token with each stored one - for (const tokenEntity of userTokens) { - const isMatch = await this.hashingProvider.compare( - userRefreshToken, - tokenEntity.token, - ); - - if (isMatch) { - //checkif the token is already revoked - if (tokenEntity.revoked) { - throw new UnauthorizedException('Refresh token is already revoked'); - } - - return tokenEntity; - } - } - - throw new UnauthorizedException('Invalid refresh token'); - } -} diff --git a/backend/src/auth/providers/generateTokens.provider.ts b/backend/src/auth/providers/generateTokens.provider.ts deleted file mode 100644 index ef212f7..0000000 --- a/backend/src/auth/providers/generateTokens.provider.ts +++ /dev/null 
@@ -1,55 +0,0 @@ -import { Injectable } from '@nestjs/common'; -import { JwtService } from '@nestjs/jwt'; -import { ConfigService } from '@nestjs/config'; -import { User } from 'src/users/entities/user.entity'; - -@Injectable() -export class GenerateTokensProvider { - constructor( - private readonly jwtService: JwtService, - - private readonly configService: ConfigService, - ) {} - - public async signSingleToken( - userId: string, - expiresIn: number, - userRole: string, - payload?: any, - ) { - return await this.jwtService.signAsync( - { - sub: userId, - role: userRole, - ...payload, - }, - { - secret: this.configService.get('JWT_SECRET'), - expiresIn, - }, - ); - } - - public async generateBothTokens(user: User) { - const [accessToken, refreshToken] = await Promise.all([ - this.signSingleToken( - user.id, - this.configService.get('JWT_ACCESS_EXPIRATION'), - user.role, - { - email: user.email, - }, - ), - this.signSingleToken( - user.id, - this.configService.get('JWT_REFRESH_EXPIRATION'), - user.role, - ), - ]); - - return { - accessToken, - refreshToken, - }; - } -} diff --git a/backend/src/auth/providers/hashing.provider.ts b/backend/src/auth/providers/hashing.provider.ts deleted file mode 100644 index 56cb39e..0000000 --- a/backend/src/auth/providers/hashing.provider.ts +++ /dev/null @@ -1,8 +0,0 @@ -import { Injectable } from '@nestjs/common'; - -@Injectable() -export abstract class HashingProvider { - abstract hash(data: string | Buffer): Promise; - - abstract compare(data: string | Buffer, hashedData: string): Promise; -} diff --git a/backend/src/auth/providers/loginUser.provider.ts b/backend/src/auth/providers/loginUser.provider.ts deleted file mode 100644 index 1ede443..0000000 --- a/backend/src/auth/providers/loginUser.provider.ts +++ /dev/null 
@@ -1,46 +0,0 @@ -import { Injectable } from '@nestjs/common'; -import { User } from '../../users/entities/user.entity'; -import { Response } from 'express'; -import { ConfigService } from '@nestjs/config'; -import { GenerateTokensProvider } from './generateTokens.provider'; -import { RefreshTokenRepositoryOperations } from './RefreshTokenCrud.repository'; -import { AuthResponse } from '../interfaces/authResponse.interface'; - -@Injectable() -export class LoginUserProvider { - constructor( - private readonly configService: ConfigService, - - private readonly generateTokensProvider: GenerateTokensProvider, - - private readonly refreshTokenRepositoryOperations: RefreshTokenRepositoryOperations, - ) {} - - public async loginUser( - user: User, - response: Response, - ): Promise { - const { accessToken, refreshToken } = - await this.generateTokensProvider.generateBothTokens(user); - - await this.refreshTokenRepositoryOperations.saveRefreshToken( - user, - refreshToken, - ); - - const jwtExpirationMs = parseInt( - this.configService.get('JWT_REFRESH_EXPIRATION') || '604800000', - ); // 7 DAYS in milliseconds - const expires = new Date(Date.now() + jwtExpirationMs); - - response.cookie('authRefreshToken', refreshToken, { - secure: true, - httpOnly: true, - expires, - path: '/auth/refresh-token', - sameSite: 'none', - }); - - return { user, accessToken }; - } -} diff --git a/backend/src/auth/providers/refreshTokens.provider.ts b/backend/src/auth/providers/refreshTokens.provider.ts deleted file mode 100644 index 87e9190..0000000 --- a/backend/src/auth/providers/refreshTokens.provider.ts +++ /dev/null 
@@ -1,145 +0,0 @@ -import { - ForbiddenException, - forwardRef, - Inject, - Injectable, - UnauthorizedException, -} from '@nestjs/common'; -import { InjectRepository } from '@nestjs/typeorm'; -import { Request } from 'express'; -import { UsersService } from 'src/users/providers/users.service'; -import { RefreshToken } from '../entities/refreshToken.entity'; -import { Repository } from 'typeorm'; -import { HashingProvider } from './hashing.provider'; -import { GenerateTokensProvider } from './generateTokens.provider'; -import { RefreshTokenRepositoryOperations } from './RefreshTokenCrud.repository'; -import { ConfigService } from '@nestjs/config'; -import { AuthResponse } from '../interfaces/authResponse.interface'; - -@Injectable() -export class RefreshTokensProvider { - constructor( - @Inject(forwardRef(() => UsersService)) - private readonly usersService: UsersService, - - @InjectRepository(RefreshToken) - private readonly refreshTokenRepository: Repository, - - private readonly hashingProvider: HashingProvider, - - private readonly generateTokensProvider: GenerateTokensProvider, - - private readonly refreshTokenRepositoryOperations: RefreshTokenRepositoryOperations, - - private readonly configService: ConfigService, - ) {} - - public async refreshTokens( - userId: string, - refreshToken: string, - ): Promise { - const user = await this.usersService.findUserById(userId); - - // find all the tokens of the user in the database - const allTokens = await this.refreshTokenRepository.find({ - where: { - user: { - id: userId, - }, - }, - relations: ['user'], - }); - - let matchingExistingToken: RefreshToken = null; - - for (const token of allTokens) { - const isMatch = await this.hashingProvider.compare( - refreshToken, - token.token, - ); - - if (isMatch) { - matchingExistingToken = token; - break; - } - } - - if (!matchingExistingToken) { - throw new ForbiddenException('Access Denied'); - } - - // verify refresh token matches - const isMatch = await 
this.hashingProvider.compare( - refreshToken, - matchingExistingToken.token, - ); - - if (!isMatch) { - throw new ForbiddenException('Invalid refresh token'); - } - - const now = new Date(); - - // if token has already been revoked - if (matchingExistingToken.revoked) { - throw new UnauthorizedException( - 'Token already revoked. Kindly login to get a new refresh token', - ); - } - - // if refresh token has expired, mark it has revoked and let the user log in again to get a new access and refresh token - if (matchingExistingToken.expiresAt < now) { - matchingExistingToken.revoked = true; - matchingExistingToken.revokedAt = now; - await this.refreshTokenRepository.save(matchingExistingToken); - - throw new UnauthorizedException( - 'Your session has expired. Please login again', - ); - - // Then in the frontend, when you get a 401 Unauthorized from /refresh-token, redirect user to login. - } - - // if refresh token is still valid, generate only access token - if (matchingExistingToken.expiresAt > now) { - const newAccessToken = await this.generateTokensProvider.signSingleToken( - user.id, - this.configService.get('JWT_ACCESS_EXPIRATION'), - user.role, - { - email: user.email, - }, - ); - - return { - user, - accessToken: newAccessToken, - }; - } - - // generate new tokens if the refresh token has expired - // const newTokens = - // await this.generateTokensProvider.generateBothTokens(user); - - // const hashedNewRefreshToken = await this.hashingProvider.hashPassword( - // newTokens.refreshToken, - // ); - - // const newRefreshTokenEntity = this.refreshTokenRepository.create({ - // token: hashedNewRefreshToken, - // expiresAt: new Date(Date.now() + this.jwtConfiguration.refreshTokenTTL), - // user: user, - // userId: userId, - // userAgent: req.headers['user-agent'] || '', - // ipAddress: req.ip, - // }); - - // await this.refreshTokenRepository.save(newRefreshTokenEntity); - - // return { - // user, - // accessToken: newTokens.accessToken, - // refreshToken: 
newTokens.refreshToken, - // }; - } -} diff --git a/backend/src/auth/providers/resendVerificationEmail.provider.ts b/backend/src/auth/providers/resendVerificationEmail.provider.ts deleted file mode 100644 index 409ddac..0000000 --- a/backend/src/auth/providers/resendVerificationEmail.provider.ts +++ /dev/null 
@@ -1,87 +0,0 @@ -// ManageHub/backend/src/auth/providers/resendVerificationEmail.provider.ts -import { - Injectable, - BadRequestException, - NotFoundException, - HttpException, - HttpStatus, -} from '@nestjs/common'; -import { InjectRepository } from '@nestjs/typeorm'; -import { Repository } from 'typeorm'; -import { User } from '../../users/entities/user.entity'; -// import { EmailService } from '../../email/providers/email.service'; -import { ErrorCatch } from '../../utils/error'; -import * as crypto from 'crypto'; - -@Injectable() -export class ResendVerificationEmailProvider { - constructor( - @InjectRepository(User) - private readonly usersRepository: Repository, - // private readonly emailService: EmailService, - ) {} - - public async resendVerificationEmail( - email: string, - ): Promise<{ message: string }> { - try { - // Find user by email - const user = await this.usersRepository.findOne({ - where: { email }, - }); - - if (!user) { - throw new NotFoundException('User not found'); - } - - // Check if user is already verified - if (user.isVerified) { - throw new BadRequestException('Email is already verified'); - } - - // Check rate limiting (5 minutes cooldown) - if (user.lastVerificationEmailSent) { - const timeSinceLastEmail = - new Date().getTime() - user.lastVerificationEmailSent.getTime(); - const cooldownPeriod = 5 * 60 * 1000; // 5 minutes in milliseconds - - if (timeSinceLastEmail < cooldownPeriod) { - const remainingTime = Math.ceil( - (cooldownPeriod - timeSinceLastEmail) / 1000 / 60, - ); - throw new HttpException( - `Please wait ${remainingTime} minute(s) before requesting another verification email`, - HttpStatus.TOO_MANY_REQUESTS, - ); - } - } - - // Generate new verification token - const verificationToken = crypto.randomBytes(32).toString('hex'); - const verificationTokenExpiry = new Date(); - verificationTokenExpiry.setHours(verificationTokenExpiry.getHours() + 24); // 24 hours expiry - - // Update user with new token and timestamp - 
await this.usersRepository.update(user.id, { - verificationToken, - verificationTokenExpiry, - lastVerificationEmailSent: new Date(), - }); - - // Send verification email - // const emailSent = await this.emailService.sendVerificationEmail( - // user.email, - // verificationToken, - // `${user.firstname} ${user.lastname}`, - // ); - - // if (!emailSent) { - // throw new BadRequestException('Failed to send verification email'); - // } - - return { message: 'Verification email sent successfully' }; - } catch (error) { - ErrorCatch(error, 'Failed to resend verification email'); - } - } -} diff --git a/backend/src/auth/providers/verifyEmail.provider.ts b/backend/src/auth/providers/verifyEmail.provider.ts deleted file mode 100644 index 33c6e6a..0000000 --- a/backend/src/auth/providers/verifyEmail.provider.ts +++ /dev/null 
@@ -1,50 +0,0 @@ -import { - Injectable, - BadRequestException, - NotFoundException, -} from '@nestjs/common'; -import { InjectRepository } from '@nestjs/typeorm'; -import { Repository } from 'typeorm'; -import { User } from '../../users/entities/user.entity'; -import { ErrorCatch } from '../../utils/error'; - -@Injectable() -export class VerifyEmailProvider { - constructor( - @InjectRepository(User) - private readonly usersRepository: Repository, - ) {} - - public async verifyEmail(token: string): Promise<{ message: string }> { - try { - const user = await this.usersRepository.findOne({ - where: { verificationToken: token }, - }); - - if (!user) { - throw new BadRequestException('Invalid verification token'); - } - - if ( - user.verificationTokenExpiry && - new Date() > user.verificationTokenExpiry - ) { - throw new BadRequestException('Verification token has expired'); - } - - if (user.isVerified) { - throw new BadRequestException('Email is already verified'); - } - - await this.usersRepository.update(user.id, { - isVerified: true, - verificationToken: null, - verificationTokenExpiry: null, - }); - - return { message: 'Email verified successfully' }; - } catch (error) { - ErrorCatch(error, 'Failed to verify email'); - } - } -} diff --git a/backend/src/auth/strategies/jwt.strategy.ts b/backend/src/auth/strategies/jwt.strategy.ts deleted file mode 100644 index d0b7031..0000000 --- a/backend/src/auth/strategies/jwt.strategy.ts +++ /dev/null 
@@ -1,32 +0,0 @@ -import { Injectable } from '@nestjs/common'; -import { PassportStrategy } from '@nestjs/passport'; -import { ExtractJwt, Strategy } from 'passport-jwt'; -import { ConfigService } from '@nestjs/config'; -import { UsersService } from 'src/users/providers/users.service'; -import { TokenPayload } from '../interfaces/tokenPayload.interface'; - -@Injectable() -export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') { - constructor( - configService: ConfigService, - - private readonly usersService: UsersService, - ) { - super({ - jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(), - ignoreExpiration: false, - secretOrKey: configService.get('JWT_SECRET'), - }); - } - - async validate(tokenPayload: TokenPayload) { - const id = tokenPayload.userId || tokenPayload.sub; - const user = await this.usersService.findUserById(id); - // Return minimal user data to attach to request - return { - id: user.id, - role: user.role, - email: user.email, - }; - } -} diff --git a/backend/src/auth/strategies/jwtRefresh.strategy.ts b/backend/src/auth/strategies/jwtRefresh.strategy.ts deleted file mode 100644 index ac3c174..0000000 --- a/backend/src/auth/strategies/jwtRefresh.strategy.ts +++ /dev/null 
@@ -1,31 +0,0 @@ -import { Injectable } from '@nestjs/common'; -import { ConfigService } from '@nestjs/config'; -import { PassportStrategy } from '@nestjs/passport'; -import { Request } from 'express'; -import { ExtractJwt, Strategy } from 'passport-jwt'; -import { UsersService } from 'src/users/providers/users.service'; -import { TokenPayload } from '../interfaces/tokenPayload.interface'; - -@Injectable() -export class JwtRefreshStrategy extends PassportStrategy( - Strategy, - 'jwt-refresh', -) { - constructor( - configService: ConfigService, - private readonly usersService: UsersService, - ) { - super({ - jwtFromRequest: ExtractJwt.fromExtractors([ - (request: Request) => request.cookies.authRefreshToken, - ]), - secretOrKey: configService.get('JWT_SECRET'), - }); - } - - async validate(tokenPayload: any) { - const user = await this.usersService.findUserById(tokenPayload.sub); - - return user; - } -} diff --git a/backend/src/auth/strategies/local.strategy.ts b/backend/src/auth/strategies/local.strategy.ts deleted file mode 100644 index 9cbbc2f..0000000 --- a/backend/src/auth/strategies/local.strategy.ts +++ /dev/null @@ -1,19 +0,0 @@ -import { Injectable } from '@nestjs/common'; -import { PassportStrategy } from '@nestjs/passport'; -import { Strategy } from 'passport-local'; -import { AuthService } from '../providers/auth.service'; - -@Injectable() -export class LocalStrategy extends PassportStrategy(Strategy) { - constructor(private readonly authService: AuthService) { - super({ - usernameField: 'email', - }); - } - - async validate(email: string, password: string) { - const user = await this.authService.validateUser(email, password); - - return user; - } -} diff --git a/backend/src/auth/strategy/jwt.strategy.ts b/backend/src/auth/strategy/jwt.strategy.ts new file mode 100644 index 0000000..cfd39fb --- /dev/null +++ b/backend/src/auth/strategy/jwt.strategy.ts 
@@ -0,0 +1,42 @@
+import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { ExtractJwt, Strategy } from 'passport-jwt';
+import { AuthService } from '../auth.service';
+import { UserMessages } from '../helper/user-messages';
+
+interface JwtPayload {
+ sub: string;
+ email?: string;
+ role: string;
+ iat?: number;
+ exp?: number;
+}
+@Injectable()
+export class JwtStrategy extends PassportStrategy(Strategy) {
+ constructor(private readonly authService: AuthService) {
+ const secret = process.env.ACCESS_TOKEN_SECRET;
+ if (!secret) {
+ throw new Error(UserMessages.ACCESS_TOKEN_SECRET_NOT_SET);
+ }
+ super({
+ jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+ ignoreExpiration: false,
+ secretOrKey: secret,
+ });
+ }
+
+ async validate(payload: JwtPayload) {
+ try {
+ const user = await this.authService.retrieveUserById(Number(payload.sub));
+ return {
+ id: user.id,
+ fullName: user.fullName,
+ email: user.email,
+ role: payload.role,
+ };
+ } catch (error) {
+ console.log('error validating token', error);
+ throw new UnauthorizedException(UserMessages.INVALID_ACCESS_TOKEN);
+ }
+ }
+}
diff --git a/backend/src/config/app.config.ts b/backend/src/config/app.config.ts
new file mode 100644
index 0000000..cef48b9
--- /dev/null
+++ b/backend/src/config/app.config.ts
@@ -0,0 +1,3 @@
+export default () => ({
+ appName: process.env.APP_NAME,
+});
diff --git a/backend/src/config/database-config.ts b/backend/src/config/database-config.ts
new file mode 100644
index 0000000..697b79a
--- /dev/null
+++ b/backend/src/config/database-config.ts
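Review bot: `validate` returns `role: payload.role`, the role baked into the token at login, even though it has just loaded the user from the database on the line above, so a demotion or role change stays ineffective for every outstanding access token until it expires. Since `retrieveUserById` is already on the hot path, take the role from the freshly loaded record instead: `role: user.role,`. The catch block also turns every failure, including a database outage, into `UnauthorizedException` and prints the full error with `console.log`; rethrowing anything that is not a lookup miss (or at least routing it through the Nest logger) keeps operational faults distinguishable from bad tokens. Whether `retrieveUserById` rejects unverified or disabled accounts is not visible in this chunk; if it does not and the entity carries such a flag, `validate` is the place to check it.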
@@ -0,0 +1,11 @@ +import { registerAs } from '@nestjs/config'; + +export default registerAs('database', () => ({ + type: process.env.DB_TYPE || 'postgres', + host: process.env.DB_HOST || 'localhost', + port: process.env.DB_PORT || 5432, + username: process.env.DB_USERNAME || 'postgres', + password: process.env.DB_PASSWORD || 'password', + database: process.env.DB_NAME || '', + synchronize: process.env.DB_SYNCHRONIZE === 'true', +})); diff --git a/backend/src/config/email/email-templates/reset-password-email.html b/backend/src/config/email/email-templates/reset-password-email.html new file mode 100644 index 0000000..e3ed3cf --- /dev/null +++ b/backend/src/config/email/email-templates/reset-password-email.html @@ -0,0 +1,181 @@ + + + + + + + + + Password Reset OTP + + + +
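Review bot: `password: process.env.DB_PASSWORD || 'password'` ships a hard-coded fallback credential, so a deployment that forgets to set `DB_PASSWORD` silently connects with a well-known weak password instead of failing at startup; the SendGrid config in this same commit throws on missing variables, and the database config should be just as strict. `port: process.env.DB_PORT || 5432` likewise yields a string whenever the variable is set, which TypeORM may not coerce. Suggested lines: `port: Number(process.env.DB_PORT ?? 5432),` and `password: process.env.DB_PASSWORD,` plus a startup check that `DB_PASSWORD` and `DB_NAME` are present (the current `DB_NAME` default is the empty string). `synchronize` being opt-in via `DB_SYNCHRONIZE === 'true'` is fine, but deserves a comment that it must stay unset outside local development.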
+
+
+ BA Logo +
+ + + +
+ +
+

Hi {{fullName}} 👋

+

Your OTP code for resetting your password is:

+ +
+
{{otp1}}
+
{{otp2}}
+
{{otp3}}
+
{{otp4}}
+
+ +

+ This code will expire in 10 minutes. Please do not share it with + anyone. +

+
+ + +
+ + diff --git a/backend/src/config/email/email-templates/verification-email.html b/backend/src/config/email/email-templates/verification-email.html new file mode 100644 index 0000000..dd69dc4 --- /dev/null +++ b/backend/src/config/email/email-templates/verification-email.html @@ -0,0 +1,183 @@ + + + + + + + + + Verify Your Account + + + +
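Review bot: The template promises "This code will expire in 10 minutes" while the actual OTP lifetime is decided in auth.service, outside this chunk, so the two can drift and the user is told a wrong deadline. Pass the lifetime in as a placeholder, `This code will expire in {{expiryMinutes}} minutes.`, and fill it from the same constant the service uses when it stores the expiry. The layout also fixes the code at four digits (`{{otp1}}` … `{{otp4}}`), a 10,000-value space for a password-reset secret; that is only defensible if the service caps verification attempts per code and invalidates it after a few failures, which should be confirmed and documented next to the OTP generation.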
+
+
+ BA Logo +
+ + + +
+ +
+

Hi {{fullName}} 👋

+

We're excited to have you onboard!

+

+ To activate your account, please verify your email by entering the + 4-digit code below: +

+
+
{{otp1}}
+
{{otp2}}
+
{{otp3}}
+
{{otp4}}
+
+ +

+ This code will expire in 10 minutes. Please do not share it with + anyone. +

+
+ + +
+ + diff --git a/backend/src/config/email/email.service.ts b/backend/src/config/email/email.service.ts new file mode 100644 index 0000000..e30c2f1 --- /dev/null +++ b/backend/src/config/email/email.service.ts 
@@ -0,0 +1,94 @@
+import * as path from 'path';
+import * as fs from 'fs';
+import { sendgridClient, sendgridSender } from './sendgrid-config';
+
+export async function loadHtmlTemplate(templateName: string): Promise {
+ try {
+ const possiblePaths = [
+ path.resolve(
+ process.cwd(),
+ 'src/config/email/email-templates',
+ `${templateName}.html`,
+ ),
+ path.resolve(
+ process.cwd(),
+ 'dist/config/email/email-templates',
+ `${templateName}.html`,
+ ),
+ ];
+
+ let templatePath: string | null = null;
+ for (const p of possiblePaths) {
+ try {
+ await fs.promises.access(p, fs.constants.F_OK);
+ templatePath = p;
+ break;
+ } catch {
+ /* empty */
+ }
+ }
+
+ if (!templatePath) {
+ throw new Error(`Template "${templateName}" not found in src/ or dist/`);
+ }
+
+ const content = await fs.promises.readFile(templatePath, 'utf8');
+ if (!content.trim()) {
+ throw new Error(`Template "${templateName}" is empty.`);
+ }
+
+ return content;
+ } catch (error: any) {
+ console.error(`Error loading email template "${templateName}":`, error);
+ throw new Error(
+ `Template "${templateName}" could not be loaded. 
Check if the file exists and has content.`,
+ );
+ }
+}
+
+export function replacePlaceholders(
+ template: string,
+ placeholders: Record,
+): string {
+ let content = template;
+ Object.keys(placeholders).forEach((key) => {
+ const regex = new RegExp(`{{${key}}}`, 'g');
+ content = content.replace(regex, placeholders[key]);
+ });
+ return content;
+}
+
+export async function sendEmail(
+ to: string,
+ subject: string,
+ templateName: string,
+ placeholders: Record,
+) {
+ try {
+ const template = await loadHtmlTemplate(templateName);
+ const htmlContent = replacePlaceholders(template, placeholders);
+
+ const msg = {
+ to,
+ from: sendgridSender,
+ subject,
+ html: htmlContent,
+ };
+
+ await sendgridClient.send(msg);
+
+ return { success: true, message: `Email sent to ${to}` };
+ } catch (error: unknown) {
+ if (typeof error === 'object' && error !== null && 'response' in error) {
+ const errObj = error as { response?: { body?: any }; message?: string };
+ console.error(
+ 'SendGrid email error:',
+ errObj.response?.body || errObj.message,
+ );
+ } else {
+ console.error('SendGrid email error:', error);
+ }
+
+ return { success: false, error };
+ }
+}
diff --git a/backend/src/config/email/sendgrid-config.ts b/backend/src/config/email/sendgrid-config.ts
new file mode 100644
index 0000000..1faecb6
--- /dev/null
+++ b/backend/src/config/email/sendgrid-config.ts
@@ -0,0 +1,13 @@
+import 'dotenv/config';
+import * as sgMail from '@sendgrid/mail';
+
+const { SENDGRID_API_KEY, SENDGRID_SENDER } = process.env;
+
+if (!SENDGRID_API_KEY || !SENDGRID_SENDER) {
+ throw new Error('Missing SendGrid environment variables');
+}
+
+sgMail.setApiKey(SENDGRID_API_KEY);
+
+export const sendgridClient = sgMail;
+export const sendgridSender = SENDGRID_SENDER;
diff --git a/backend/src/config/pagination/dto/pagination-query.dto.ts b/backend/src/config/pagination/dto/pagination-query.dto.ts
new file mode 100644
index 0000000..9d610cf
--- /dev/null
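Review bot: `replacePlaceholders` splices every placeholder value into the HTML body verbatim, and `fullName` is whatever the user typed at registration, so a name containing markup is rendered as markup in an OTP mail sent from the project's own sender address (a link or image of the attacker's choosing); `String.prototype.replace` with a string argument additionally expands `$&`, `$1` and `$$` inside the value. Escape values for HTML and use a function replacement so the value is inserted literally, as in the rewrite below. `sendEmail` then swallows every SendGrid failure into `{ success: false, error }`; a caller that does not check the flag will tell the user an OTP was sent when nothing left the server, so the failure should be logged through the Nest logger (with the status, not the whole response body) and surfaced to the caller rather than returned as a raw error object.
```typescript
const HTML_ESCAPES: Record<string, string> = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

/** Escape a placeholder value so the mail client renders it as text, never as markup. */
function escapeHtml(value: string): string {
  return value.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

export function replacePlaceholders(
  template: string,
  placeholders: Record<string, string>,
): string {
  let content = template;
  for (const [key, value] of Object.entries(placeholders)) {
    // function replacement: `$&` / `$1` in the value are not expanded
    content = content.replace(
      new RegExp(`{{${key}}}`, 'g'),
      () => escapeHtml(value),
    );
  }
  return content;
}
// … unchanged: loadHtmlTemplate, sendEmail …
```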
+++ b/backend/src/config/pagination/dto/pagination-query.dto.ts
@@ -0,0 +1,25 @@
+import { Type } from 'class-transformer';
+import { IsInt, IsOptional, Max, Min } from 'class-validator';
+
+export class PaginationQueryDto {
+ @IsOptional()
+ @Type(() => Number)
+ @IsInt({ message: 'Page must be an integer' })
+ @Min(1, { message: 'Page must be greater than or equal to 1' })
+ page?: number = 1;
+
+ @IsOptional()
+ @Type(() => Number)
+ @IsInt({ message: 'perPage must be an integer' })
+ @Min(10, { message: 'Page must be greater than or equal to 1' })
+ @Max(100, { message: 'perPage must be less than or equal to 100' })
+ perPage?: number = 10;
+
+ @IsOptional()
+ @Type(() => String)
+ category?: string;
+
+ @IsOptional()
+ @Type(() => String)
+ searchTerm?: string;
+}
diff --git a/backend/src/config/pagination/interface/paginated-response-interface.ts b/backend/src/config/pagination/interface/paginated-response-interface.ts
new file mode 100644
index 0000000..fe5aa9a
--- /dev/null
+++ b/backend/src/config/pagination/interface/paginated-response-interface.ts
@@ -0,0 +1,15 @@
+export interface PaginationMetaFormat {
+ currentPage: number;
+ itemsPerPage: number;
+ totalItems: number;
+ totalPages: number;
+ hasPreviousPage: boolean;
+ hasNextPage: boolean;
+}
+
+export interface PaginatedResponse {
+ message: string;
+ items: T[];
+ meta: PaginationMetaFormat;
+ totalAmount: string;
+}
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..c010a74
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,6 @@
+{
+ "name": "ManageHub",
+ "lockfileVersion": 3,
+ "requires": true,
+ "packages": {}
+}
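Review bot: The `perPage` validator's message contradicts its rule: `@Min(10, { message: 'Page must be greater than or equal to 1' })` rejects anything below 10 but tells the client that page must be at least 1. Either relax the bound to match the text, `@Min(1, { message: 'perPage must be greater than or equal to 1' })`, or keep 10 and say so in the message. `category` and `searchTerm` carry `@Type(() => String)` but no `@IsString()` or `@MaxLength()`, so an object or an arbitrarily long string passes validation; how they reach the query is not visible here, so at minimum add `@IsString()` and `@MaxLength(100)` before either is used in a search or `LIKE` clause.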